Posts posted by Koen

  1. I'm trying to run the OMV installer script on top of the Helios4 armbian buster, but it borks at lsb_release : command not found, same if i try to run that command manually, though lsb-release is installed.  Any help ?

  2. 16 hours ago, Werner said:

    It was integrated into the build script. You can find more information here:

    https://github.com/armbian/build/pull/1182

    https://github.com/armbian/build/issues/1584

    I don't know this build stuff.  And my issue isn't over ssh but serial console.

     

    I worked the old fashioned way: booting a vanilla image, installing cryptsetup & dropbear-initramfs, deal with the first 2k bytes & /boot, making crypto partition, rsync'ing the system, configure initramfs & generate a new one, edit armbianEnv & generate new boot.cmd.  On ssh it automatically runs the "unlock" command and all i need to do is enter the password (over serial or SSH).

     

    It's basically a minor nuisance, over serial console only.  But i rather have everything proper, to avoid issues later and in case of network unavailable.  It's a weird fluke, that seems related to authentication (whether that's login or sudo elevation).

  3. 1 hour ago, Werner said:

    The cryptoroot feature was added by user contribution and has been broken for several months now. Therefore you might be on your own to fix this.

     

    It uses standard debian packages ?  I can do (and have done) the same on x64 or raspbian.

     

    Or is there some tool to generate custom images that has / had cryptoroot ?

  4. Next i'm trying to get a LUKS encrypted system.   It looks okay.  Ish.

     

    If i unlock over SSH via dropbear, logging in to serial console is buggy and terminal laggy.   Sometimes the login prompt line is all in green text rather than white.  First attempt always fails.  I seem to need to hit every key twice too.  I get these errors :

    Cannot initialize device-mapper. Is dm_mod kernel module loaded?
    Cannot use device sdcard, name is invalid or still in use.

    In /etc/crypttab is (which hints at the 2nd line).

    sdcard  /dev/mmcblk0p3  none    luks

    If i login via SSH first, then the login via serial goes okay, but the first sudo authentication fails and those two lines appear.

     

    Anyone know what's happening or how to fix ?

  5. @aprayoga

    Maybe #1 is a result of removing the default en_US and only enabling localised version ?  Whatever i tried, i couldn't get it fixed, so went the manual conf file way and it vanished immediately (even within armbian-config everything then looked fine).

     

    #4 yes, iptables-legacy works fine, apparently also required for fail2ban which doesn't (yet) support nftables.

  6. 20 hours ago, sirleon said:

    @Koen

    Don't know if this is the right direction for you but I had a similar problem trying to get docker running. I had to switch back to iptables-legacy like it is described here.

     

    Also NetworkManager doesn't get DNS via DHCP so I had to remove the line "dns = default" in /etc/NetworkManager/NetworkManager.conf to get name resolution to work.

    Yes, fixed with :

    update-alternatives --set iptables /usr/sbin/iptables-legacy

    apparently also needed if you want to use fail2ban.  So (currently) no need to convert rules and blabla.  I'm also wondering if nftables will stick around longer than the firewalld from before, nothing as annoying as learning new firewall speak, especially since security is tantamount.

  7. I'm trying to start afresh on the latest buster image, but failing miserably.

    1. Armbian-config setting Locale not working and subsequently giving perl errors.  (Fixed by manually editing /etc/default/locale)
    2. Armbian-config setting Keyboard not doing anything.  (Fixed by manually editing /etc/default/keyboard)

    3. Armbian-config accessing "system - CPU" crashes armbian-config.

    cat: /sys/devices/system/cpu/cpufreq/policy0/scaling_available_frequencies: File or folder doesn't exist
    cat: /sys/devices/system/cpu/cpufreq/policy0/scaling_available_governors: File or folder doesn't exist

    4. Can't do anything iptables, not even -L to see existing rules, let alone actually configuring anything.

    iptables v1.8.2 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain INPUT

    Haven't been able to get around the last one.  Tried removing and reinstalling the iptables package, but same result.

  8. This is very useful information, as i'm planning to have boot root (SD) and data (SATA mirror) encrypted, with BTRFS on top.  Better get started the good way.  :)

    @djurny : did you come across good links explaining the differences / risks of cbc versus xts, or even essiv versus plain64 ?

     

    Found this guide for the root fs :

     

    And the data fs i should be able to do with a keyfile on the rootfs.  I think it needs to be 2x LUKS and BTRFS "mirror" on top, so i could actually benefit from the self healing functionality, in case of a scrub.

     

    @gprovost : am i correct to understand the CESA will be used automatically by dm-crypt, if aes-cbc-essiv (or another supported cipher) is used ?
    Also looking forward to read updated performance numbers, to understand if it would be worth modifying the openssl libraries or not.  :) 

  9. On 1/2/2019 at 5:04 AM, gprovost said:

    @GeckoX Good to hear you figured it out. Yes OMV is the easiest approach to setup your NAS without the need to be too much Linux savvy.

     

    @Koen No there is no microSD card included in the kit.

    Some users of the 1st batch got a free microSD card but it was a free goodie from the PCBA factory as an apology for their repeated delay.

     

    I guess we know what DPD should do then for its delays and tracking issues.  :D

    Imho, since my understanding is you need a microSD card to get started (even if you eventually would choose to install to USB / SATA), it would be good if it were included (even at extra cost) so one can get started once the kit arrives; or at least made more clear it's something to procure separately.

    Anyway, i hope to soon take it for a spin.  :)
