
                      Loopback Encrypted Filesystem HOWTO
                                       
Author: Ryan T. Rhea, zzrhear@pobox.winthrop.edu
Translator: 趙平望, tchao@worldnet.att.net

   v1.1, 29 November 1999. Translation date: 15 January 2000
     _________________________________________________________________
   
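   This document explains how to install and use a filesystem that, once
   mounted by a user, encrypts its contents dynamically and without any
   special steps. The filesystem is stored in a regular file, which can
   be hidden as a hidden file or stored under an ordinary file name that
   is very likely to be overlooked, thereby improving the security of the
   stored data.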
     _________________________________________________________________
   
1. Preface

2. Introduction

3. Summary

4. Details
     _________________________________________________________________
   
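1. Preface

   Setting up this filesystem requires the kernel source code, the ability
   to compile that code, and patience. It is also strongly recommended to
   keep a boot disk at hand. Before storing important data long-term on
   the encrypted filesystem, make a backup first, because any data stored
   on a computer can become corrupted and unusable.
   
   To set up this filesystem you must patch the Linux kernel to at least
   version 2.2.9. For details on patching, see the [1]Details section
   below.
   
   The kernel source code can be downloaded from:
   
     [2]ftp://ftp.kerneli.org/
     
   The procedure for recompiling the kernel is covered in the relevant
   HOWTO, available at:
   
     [3]http://metalab.unc.edu/LDP/HOWTO/
     
   This document may be reproduced in whole or in part, free of charge,
   subject to the following conditions:
   
     * The copyright notice and this permission notice must be included in
       full in every complete or partial copy.
     * Any translation or work derived from this document must have the
       author's written consent before distribution.
     * If only part of this document is distributed, the distributed text
       must include detailed instructions and a means for obtaining the
       complete document.
     * All source code in this document is covered by the GNU General
       Public License, which can be downloaded via anonymous FTP from: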
       
     [4]ftp://prep.ai.mit.edu/pub/gnu/COPYING/
     
2. Introduction

   The process uses "/dev/loop*" (where * is 0-7 on most installations)
   to mount a loopback filesystem. The same method can be used, without
   encryption, to store a Linux filesystem on a non-Linux partition. A
   HOWTO on that subject is available at the LDP site mentioned above.
   
   Many encryption methods are available, including XOR, DES, twofish,
   blowfish, cast128, serpent, MARS, RC6, DFC and IDEA. The job of the
   "losetup" program is to associate the encrypted file with a filesystem
   and its cipher. According to Alexander Kjeldaas, who maintains
   kerneli.org and the international crypto patches, DES and losetup are
   currently incompatible, because the two handle parity bits
   differently. There are currently no plans to support DES, because the
   DES cipher is comparatively weak.
   
   The twofish, blowfish, cast128 and serpent ciphers can be used freely,
   without any licence restrictions. The other ciphers may be subject to
   licensing terms. Some of these ciphers are candidates for the AES
   standard. The cipher finally selected will be free for use worldwide.
   
   This document uses the serpent cipher because it is strong, runs very
   fast, and can be distributed freely under the GPL. According to the
   serpent documentation, serpent is a 128-bit block cipher designed by
   Ross Anderson, Eli Biham and Lars Knudsen. It offers users the highest
   assurance of confidentiality, because no simple way of breaking it is
   known to date. The serpent documentation and source code can be
   downloaded from:
   
     [5]http://www.cl.cam.ac.uk/~rja14/serpent.html
     
   This document assumes that the ciphers are compiled directly into the
   kernel. They can also be built as modules, but that method is not
   discussed here. It is simple, however: you only need to edit
   "/etc/conf.module"; for details see the kernel compilation HOWTO
   mentioned earlier.
   
3. Summary

   The process involves many steps, which are described in detail in the
   next section, [6]Details. Summarising the steps first is probably a
   good idea, since experienced Unix and Linux users may not need the
   detailed steps. The steps are as follows:
   
    1. Download the latest international crypto patch (the latest version
       at the time of writing was "patch-int-2.2.10.4"):
       
     [7]http://ftp.kerneli.org/pub/kerneli/
    2. Patch the kernel.
    3. Run 'config' (or 'menuconfig' or 'xconfig') to set up the
       'MakeFile' for the new kernel. The encryption options are not all
       in one place. First, before any of them can be set, you must
       enable 'Prompt for development and/or incomplete code/drivers'
       under 'Code Maturity level options'. Under 'Crypto options',
       enable both 'crypto ciphers' and 'serpent'. Again, this assumes
       serpent encryption, but other ciphers can be tried as well. Note
       that DES is still incompatible as of version 2.2.10.4, and will
       probably remain so. Under 'Block Devices' there are several
       important options that must be selected: 'Loopback device
       support', 'Use relative block numbers as basis for transfer
       functions (RECOMMENDED)' and 'General encryption support'. Do not
       select 'cast 128' or 'twofish' encryption here. None of the crypto
       options under the various networking categories are needed
       either. Kernel configuration in general is covered by the LDP
       documents and is not repeated here.
    4. Compile the new kernel.
    5. Edit '/etc/lilo.conf' to add the new kernel to the configuration
       file. Run 'lilo -v' to add the kernel to the boot loader.
    6. Download the latest 'util-linux' source code (version
       'util-linux-2.9v' is used here) from:
       
     [8]ftp://ftp.kernel.org/pub/linux/utils/util-linux/
    7. Extract the 'util-linux' source code.
    8. Apply the corresponding patch found in the
       '/usr/src/linux/Documentation/crypto/' directory.
    9. Read 'INSTALL' carefully. This package contains the source code
       for many system-dependent programs (important tools such as
       'login', 'passwd' and 'init'). If you do not edit MCONFIG
       carefully before compiling these sources, you had better keep a
       boot disk at hand, because the system could break at any time.
       Basically, set all the 'HAVE_*' fields to "yes" so that none of
       the important system programs are replaced. The tools that need
       to be rebuilt are 'mount' and 'losetup', to support the new
       encryption. See [9]Details below for specifics.
   10. Compile and install 'util-linux'.
   11. Reboot the computer with the new kernel.
   12. Edit '/etc/fstab' and add the mount point, as follows:
       ______________________________________________________________
     
/dev/loop0  /mnt/crypt  ext2  user,noauto,rw,loop 0 0
       ______________________________________________________________
     
   13. Create the directory that will hold the filesystem, as in
       '/mnt/crypt' above.
   14. As the user, create the encrypted file as follows:
       
dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10

   15. Run losetup as follows:
       
losetup -e serpent /dev/loop0 /etc/cryptfile

       Note: you have only one chance to set the password. The password
       can be checked using the following command:
       
losetup -d /dev/loop0

       This command deactivates the loop device. Running losetup again
       then tests the password, as follows:
       
losetup -e serpent /dev/loop0 /etc/cryptfile

   16. Create the ext2 filesystem as follows:
       
mkfs -t ext2 /dev/loop0 100000

   17. The encrypted filesystem can now be mounted:
       
mount -t ext2 /dev/loop0 /mnt/crypt

   18. When you have finished with the encrypted filesystem, unmount and
       protect it as follows:
       
umount /dev/loop0
losetup -d /dev/loop0
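
A pre-flight check for steps 12 to 16 above, as an added example that is not part of the original HOWTO. It confirms that the block count passed to mkfs fits inside the container file and that the fstab entry carries the user, noauto and loop options; the function names and the 1 KiB block size are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the loopback container setup.
# Assumption: 1 KiB filesystem blocks. Function names are hypothetical.

BLOCK_SIZE=1024

# Print how many whole blocks fit in the container file.
container_blocks() {
    size=$(wc -c < "$1") || return 1
    echo $(( size / BLOCK_SIZE ))
}

# Succeed only if a mkfs block count fits inside the container file.
mkfs_count_fits() {
    have=$(container_blocks "$1") || return 1
    [ "$2" -le "$have" ]
}

# Succeed only if FSTAB has an entry for MOUNTPOINT with user,noauto,loop.
fstab_entry_ok() {  # fstab_entry_ok FSTAB MOUNTPOINT
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            opts = "," $4 ","
            ok = index(opts, ",user,") && index(opts, ",noauto,") && index(opts, ",loop,")
        }
        END { exit ok ? 0 : 1 }' "$1"
}

# Run all checks; print one line per problem, return non-zero on any.
preflight() {  # preflight CONTAINER MKFS_BLOCKS FSTAB MOUNTPOINT
    rc=0
    [ -f "$1" ] || { echo "container $1 is not a regular file"; return 1; }
    if ! mkfs_count_fits "$1" "$2"; then
        echo "mkfs count $2 exceeds $(container_blocks "$1") blocks in $1"; rc=1
    fi
    if ! fstab_entry_ok "$3" "$4"; then
        echo "no fstab entry for $4 with user,noauto,loop"; rc=1
    fi
    [ -d "$4" ] || { echo "mount point $4 does not exist"; rc=1; }
    return $rc
}
```

Assuming 1 KiB blocks, the 10 MiB container created in step 14 holds 10240 blocks, so `preflight /etc/cryptfile 100000 /etc/fstab /mnt/crypt` reports that the count used in step 16 does not fit.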

4. Details

   Kernel patches:
   
   The kernel can be patched starting from a "2.2.x" release. The patches
   written for the "2.2.x" kernels all contain bugfixes; new features go
   into the Linux "2.3.x" development kernel. To patch the kernel, first
   obtain all the patch files and then apply them with the following
   commands:
   
cd /usr/src
gzip -cd patchXX.gz | patch -p0

   Repeat this for each patch version xx, applying the patches in order
   from the lowest xx to the highest.
   
   The default directory for the kernel source code is '/usr/src/linux'.
   If the source is in another directory, create a symbolic link from
   '/usr/src/linux'.
   
   Setting up 'MCONFIG' for compiling 'util-linux':
   
   The following are parts of the 'MCONFIG' file as modified for
   compiling 'util-linux'. The changes needed vary from one system
   version to another; those shown here are essentially based on RedHat
   5.2. The key point is not to overwrite important system tools such as
   'login', 'getty' or 'passwd'. Some of the important settings are
   listed below:
       ______________________________________________________________
     
CPU=$(shell uname -m | sed s/I.86/intel/)

LOCALEDIR=/usr/share/locale

HAVE_PAM=no

HAVE_SHADOW=yes

HAVE_PASSWD=yes

REQUIRE_PASSWORD=yes

ONLY_LISTED_SHELLS=yes

HAVE_SYSVINIT=yes

HAVE_SYSVINIT_UTILS=yes

HAVE_GETTY=yes

USE_TTY_GROUP=yes

HAVE_RESET=yes

HAVE_SLN=yes

CC=gcc
       ______________________________________________________________
     
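   Suggestions:
   
   Any of the 8 loopback devices, from '/dev/loop0' to '/dev/loop7', can
   be used here. Use a directory with an inconspicuous name as the mount
   point; for example, create a directory with permissions 700 inside
   your home directory. Store the encrypted file in an inconspicuous
   place as well, for example under a name such as 'sysfile' or
   'config.data' inside '/etc'. Directories and files with names like
   these usually attract little attention.
   
   The following Perl scripts can be used to mount and unmount the
   filesystem. Copy them onto the system, make them executable
   (chmod u+x), and store them in a directory in your path.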
       ______________________________________________________________
     
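#!/usr/bin/perl -w
#
#minimal utility to setup loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
# attach the encrypted file to the loop device (prompts for the password)
system("losetup", "-e", "serpent", "/dev/loop0", "/etc/cryptfile") == 0
    or die "losetup failed\n";
# mount it at the mount point listed in /etc/fstab
system("mount", "/mnt/crypt") == 0 or die "mount failed\n";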
       ______________________________________________________________
     
   Name the above script 'loop'; the loopback encrypted filesystem can
   then be set up with a single command ('loop') and the password.
       ______________________________________________________________
     
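#!/usr/bin/perl -w
#
#minimal utility to deactivate loopback encryption filesystem
#Copyright 1999 by Ryan T. Rhea
# unmount the mount point listed in /etc/fstab
system("umount", "/mnt/crypt") == 0 or die "umount failed\n";
# detach the loop device so the decrypted view is no longer available
system("losetup", "-d", "/dev/loop0") == 0 or die "losetup -d failed\n";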
       ______________________________________________________________
     
   Name this script 'unloop'; from then on, typing 'unloop' immediately
   deactivates the filesystem.

References

   1. file://localhost/tmp/zh-sgmltools.26907/Loopback-Encrypted-Filesystem-HOWTO.txt.html#%B8%D4%B2%D3%A4%BA%AEe
   2. ftp://ftp.kerneli.org/
   3. http://metalab.unc.edu/LDP/HOWTO/
   4. ftp://prep.ai.mit.edu/pub/gnu/COPYING/
   5. http://www.cl.cam.ac.uk/~rja14/serpent.html
   6. file://localhost/tmp/zh-sgmltools.26907/Loopback-Encrypted-Filesystem-HOWTO.txt.html#%B8%D4%B2%D3%A4%BA%AEe
   7. http://ftp.kerneli.org/pub/kerneli/
   8. ftp://ftp.kernel.org/pub/linux/utils/util-linux/
   9. file://localhost/tmp/zh-sgmltools.26907/Loopback-Encrypted-Filesystem-HOWTO.txt.html#%B8%D4%B2%D3%A4%BA%AEe