Compile and Install PostgreSQL 9.2.x from Source on Ubuntu 13.04 Server

Compile and Install PostgreSQL 9.2.x from Source on Ubuntu 13.04 Server

Working on a project for which I am using MySQL. As much as I love the thing it has been scaring me a little since Oracle bought them. They have pledged to keep the project open-source friendly a while back but I still worry. PostgreSQL seems like it might be a good fit for me so here are the steps I took to get it up and running from source on Ubuntu 13.04 Server.

  • Make sure our required tools are installed:


    sudo apt-get update
    sudo apt-get install zlib1g-dev libreadline6-dev gcc make

  • Download the latest source and extract:


    wget ftp://ftp.postgresql.org/pub/source/v9.2.x/postgresql-9.2.x.tar.bz2
    tar xjfv postgresql-9.2.x.tar.bz2

    Note
    I am using v9.2.4 for this example as it was the latest at the time of this writing. Simply replace x with your version number.

  • Compile and install:


    cd postgresql-9.2.x/
    ./configure
    make -j y world
    sudo make install-world

    Note
    Replace y with the number of processor cores you would like to use. This step generally does not take long so if you wanted to omit -j and its argument all together that would also work.

  • Copy start up script:


    sudo cp contrib/start-scripts/linux /etc/init.d/postgresql

  • Remove working directory:


    cd ../
    rm -rf postgresql-9.2.x/
    rm postgresql-9.2.x.tar.bz2

  • Add user:


    sudo useradd postgres

  • Create data directories:


    sudo mkdir /var/lib/postgresql/
    sudo chown postgres:postgres /var/lib/postgresql/

    Create data:


    sudo su - postgres -c "/usr/local/pgsql/bin/initdb -D /var/lib/postgresql/"

  • Create configuration directory:


    sudo mkdir /etc/postgresql/
    sudo chown postgres:postgres /etc/postgresql/

    Move configuration:


    sudo mv /var/lib/postgresql/postgresql.conf /var/lib/postgresql/pg_hba.conf /var/lib/postgresql/pg_ident.conf /etc/postgresql/

    Open postgresql.conf:


    sudo nano /etc/postgresql/postgresql.conf

    Change postgresql.conf:


    data_directory = '/var/lib/postgresql/'
    external_pid_file = '/var/run/postgresql.pid'

    Note
    These are the bare minimum changes. You will probably want to scan the file and change it to better suit your needs.

  • Open start up script:


    sudo nano /etc/init.d/postgresql

    Change start up script:


    PGDATA="/etc/postgresql/"
    PGLOG="/var/log/postgresql.log"

    Under ## EDIT FROM HERE add:


    PGGROUP=postgres
    PGPID="/var/run/postgresql.pid"

    Above su - $PGUSER -c "$DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1, under start) add:


    touch $PGPID
    chown $PGUSER:$PGGROUP $PGPID

    Under su - $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast", under stop) add:


    rm $PGPID

  • Make start up script executable:


    sudo chmod +x /etc/init.d/postgresql
    sudo update-rc.d postgresql defaults

  • Start service:


    sudo service postgresql start

  • [Optional] Make commands available to all users:


    sudo ln -s /usr/local/pgsql/bin/* /usr/local/bin/

    [Optional] Make C includes and libraries available to all users:


    sudo ln -s /usr/local/pgsql/include/* /usr/local/include/
    sudo ln -s /usr/local/pgsql/lib/* /usr/local/lib/
    sudo ldconfig

    Note
    These just make life slightly easier. If you prefer you can always just call everything by their absolute paths or put them in your $PATH.


Sources
http://www.postgresql.org/docs/current/static/installation.html
http://www.postgresql.org/docs/9.2/static/server-start.html

Compile and Install Redis 2.6.x from Source on Ubuntu 13.04 Server

Compile and Install Redis 2.6.x from Source on Ubuntu 13.04 Server

Working on a project for which I am using MySQL. As much as I love my relational databases they may not always be the best tool for the job. As such, for the first time, I am evaluating other solutions. Redis seems like it might be a good fit for me so here are the steps I took to get it up and running from source on Ubuntu 13.04 Server.

  • Make sure our required tools are installed:


    sudo apt-get update
    sudo apt-get install make gcc

  • Download the latest source and extract:


    wget http://redis.googlecode.com/files/redis-2.6.x.tar.gz
    tar xzfv redis-2.6.x.tar.gz

    Note
    I am using v2.6.14 for this example as it was the latest at the time of this writing. Simply replace x with your version number.

  • Compile and install:


    cd redis-2.6.x/
    make -j y
    sudo make install

    Note
    Replace y with the number of processor cores you would like to use. This step generally does not take long so if you wanted to omit -j and its argument all together that would also work.

  • Copy and open Redis configuration:


    sudo mkdir /etc/redis/
    sudo cp redis.conf /etc/redis/
    sudo nano /etc/redis/redis.conf

    Change the following options:


    daemonize yes
    dir /var/lib/redis/
    syslog-enabled yes
    syslog-ident redis
    syslog-facility local0

    Note
    These are the bare minimum changes. You will probably want to scan the file and change it to better suit your needs.

  • Remove working directory:


    cd ../
    rm -rf redis-2.6.x/
    rm redis-2.6.x.tar.gz

  • Add user:


    sudo useradd redis

  • Create data directories:


    sudo mkdir /var/lib/redis/
    sudo chown redis:redis /var/lib/redis/
    sudo mkdir /var/log/redis/
    sudo chown redis:redis /var/log/redis/

  • Setup start up script:


    sudo nano /etc/init.d/redis-server

    Within this file add the following and save/close:


    #! /bin/sh

    ### BEGIN INIT INFO
    # Provides: redis-server
    # Required-Start: $syslog $remote_fs
    # Required-Stop: $syslog $remote_fs
    # Should-Start: $local_fs
    # Should-Stop: $local_fs
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: redis-server - Persistent key-value db
    # Description: redis-server - Persistent key-value db
    ### END INIT INFO

    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DAEMON=/usr/local/bin/redis-server
    DAEMON_ARGS=/etc/redis/redis.conf
    NAME=redis-server
    DESC=redis-server
    PIDFILE=/var/run/redis.pid

    test -x $DAEMON || exit 0

    set -e

    case "$1" in
    start)
    echo -n "Starting $DESC: "

    touch $PIDFILE
    chown redis:redis $PIDFILE

    if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
    then
    echo "$NAME."
    else
    echo "failed"
    fi

    ;;

    stop)
    echo -n "Stopping $DESC: "

    if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
    then
    echo "$NAME."
    else
    echo "failed"
    fi

    rm -f $PIDFILE

    ;;

    restart|force-reload)
    ${0} stop
    ${0} start

    ;;

    status)
    echo -n "$DESC is "

    if start-stop-daemon --stop --quiet --signal 0 --name ${NAME} --pidfile ${PIDFILE}
    then
    echo "running"
    else
    echo "not running"

    exit 1
    fi

    ;;

    *)
    echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2

    exit 1

    ;;
    esac

    exit 0

    Make script executable:


    sudo chmod +x /etc/init.d/redis-server
    sudo update-rc.d redis-server defaults

  • Start the server:


    sudo service redis-server start


Notes

  • I have not experimented with this on a 32-bit machine but I doubt it would be very useful for anything other than seeing what is what. If you are going to use this in anything remotely resembling a production environment I would use a 64-bit machine without question.
  • I disabled snapshotting for my tests as I will not need it. If you end up using it– such as in the default configuration– you might want to add vm.overcommit_memory = 1 to /etc/sysctl.conf.
Show Hidden Files in OS X 10.7 (Lion) and OS X 10.8 (Mountain Lion)

Show Hidden Files in OS X 10.7 (Lion) and OS X 10.8 (Mountain Lion)

After a long search I recently replaced my aging netbook. I ended up with one of the new 13″ MacBook Airs on which I dual-boot OS X (for firmware updates, Xcode for iOS development) and Linux Mint.

Attempting to access an older project with some hidden files I discovered I could not see them by default. I went into File -> Preferences..., no option. I went into View -> Show View Options, nothing there that helped. Turns out the solution is a bit more cumbersome.

What you need to do is open Terminal and type in:

defaults write com.apple.Finder AppleShowAllFiles YES

Make sure you restart Finder after for the change to take effect.

Netbook to Microsoft Surface Pro?

Netbook to Microsoft Surface Pro?

I have been in the market for a tablet-like netbook replacement for about one year now. I love my netbook but it has limited memory and I want to play with developing for a multi-point touch screen. So off I go looking for a tablet or tablet-like device with a keyboard and mouse/touchpad running industry standard software (currently Linux Mint). It needs to be portable and have all the things that come with that (small, battery life, usable while on my lap, ect). So… I was just looking at the specs of the Microsoft Surface Pro again which is due out in ~two weeks.

Microsoft thinks…

  1. … I am going to give them $899 to $999? Plus tax? No.
  2. … I will pay extra for a cover/keyboard? No, that should be included. I do not care if Apple did not do it, either. If I cared what Apple did I would be an Apple user, not a PC fanboy.
  3. … four to five hours of battery life coming in at much less than my netbook at nearly a third of the price is alright? No. Battery life is something I will often sacrifice for other things but this? These are the advertised numbers, not the real-world numbers.
  4. … locked down hardware I own but can not use is appealing to me? No. Unless I get the blessing of the most out-of-touch company I know of in the entire industry do I really “own” it (yes, this is why I am not an Apple fanboy)? I know they want to support their other business– namely Windows– but they just choose to make $0 instead of more than $0 by spitting on the power users. Hell, I am not sure I even know anyone but myself who does not dual-boot if they run another OS on PC.

I was seriously considering the switch until they announced the awful, awful details. Seriously, for all my distrust and bad experiences with their products I was very, very much looking forward to (even excited over) a great-looking, Slate-like device. I thought, “this can be what the Slate never was for me.” Nope, not at that price point. Not ever for those specs.

Perhaps I will pick one up cheap on eBay when Microsoft backs out without a lot of thought like they have done so many times recent memory. I feel like I am watching Lost all over again. I feel like, at the start, I am thinking “these guys are masters of suspense” and “I can not wait to see where they take this given the little tidbits I know now.” Then I realize two or three seasons in that no one has any idea what they are doing, where they want the show to go, nor how to build something sustainable. It is all shock and awe, but the glitter washes away and all you are left with is the Surface Pro.

Are… are they… who… IS MICROSOFT FUCKING BATSHIT INSANE?!?!?!? I do not normally curse on this blog but who saw all this, said “I like it, roll it out” (or even “we spent too much money, we have to go forward, our reputation can take the hit”) and gave it the green light?!?

You want to put your boot on the back of my neck you better expect me to come out swinging. You can only mismanage so many things so many times before you have no credibility left to spend. You used to be the big dog?

Used to be.

Update 2012.02.22
Sssooo… I bought a Surface Pro 128GB. Not sure why I did but I regret every moment since and want my money and the five minutes I spent at checkout back.

Thus far I am having great difficulty getting it to boot reliably from external media (even the Microsoft support staff at the brick and mortar stores are baffled). The WiFi just drops out, even with Microsoft’s released fix. The keyboard is designed to shut itself off while folded back so you do not accidentally hit keys but some times it does not turn itself back on (even if you unplug and reattach it). The fix is to reboot… you know, like you have to do with Windows every 15 minutes. It gets very hot even if you have not logged in. The Microsoft-documented on-boot key combination to select a boot device does not work (it brings up the UEFI boot configuration settings which is useless all but once). The screen is not adjustable while the stand is out. If you want a tablet replacement, fine. If you want a netbook replacement while in front of a flat surface, fine. If you want a netbook replacement on the go (the whole point of something so small, mind you), you are screwed.

The hardware looks solid on paper. Is plenty light. The Type keyboard feels nice. It even performs well… if you are happy with Windows 8. Except when you lose WiFi. Also except when it gets too hot to hold… while it is not even doing anything.

Unknown Armies Online?

Unknown Armies Online?

With all the (hopefully) useful information on this blog do you know what the most viewed article is? My Unknown Armies Online post. By far. I am talking by over 100% the views of my second place post. For years now.

It was just a thought. Just half a thought, really. Nothing was ever supposed to come of it unless I found the time. Perhaps there is a demand for it?

Convert an OpenCV 2 Image to an Allegro 5 Image In C/C++

Convert an OpenCV 2 Image to an Allegro 5 Image In C/C++

Just a quick sample for converting an OpenCV 2 image (Mat) to an Allegro 5 image (ALLEGRO_BITMAP).

First we need to setup some things and have places to store some stuff:

#include <allegro5/allegro.h>
#include <allegro5/allegro_image.h>
#include <cv.h>
#include <highgui.h>

cv::VideoCapture video([device number/filename]);
cv::Mat frame;
ALLEGRO_BITMAP *image = al_create_bitmap([width], [height]);

Next the guts:

video >> frame;
if ( !frame.empty() ) {
	al_set_target_bitmap(image);
	al_lock_bitmap(image, ALLEGRO_PIXEL_FORMAT_ANY, ALLEGRO_LOCK_WRITEONLY);
	for ( int y = 0; y < [height]; y++ ) {
		for ( int x = 0; x < [width]; x++ ) {
			cv::Vec3b &pixel = frame.at(y, x);
			al_put_pixel(x, y, al_map_rgb(pixel[2], pixel[1], pixel[0]));
		}
	}
	al_unlock_bitmap(image);
}

A few notes:

  • OpenCV 2 does not often work in RGB unless you make it. It is typically the reverse, BGR. Unless you have a specific need I see no reason not to do the conversion on-the-fly as above.
  • This sample assumes everything is the same width, height, color depth, ect, so watch out for that. Allegro, in particular, may slow to a crawl if you do not watch your conversions.
  • I am very not happy with the performance of this so it does need some work in that respect. It does, however, work very well otherwise. My goal is to get my Atom-based netbook running this smoothly. The Raspberry Pi may be a pipe dream but I am going to try.
  • This was tested in Linux with hardware I know what to expect out of. If there is any chance your webcam/video/whatever may return something other than a 24-bit (uint8, uint8, uint8) BGR color space you will need to account for that. Both OpenCV and Allegro have a number of functions/macros for that kind of thing.

This is mostly for my own notes but I figured someone else might also be interested. None of this is meant to be complete but, if you are struggling like I was, this should be all you need to pass that hurdle. Give a man a fish… alright, back to my cold, week-old “chinese” food and root beer.

Update 2012.11.28
After some more experimentation (and a nudge in the right direction from Peter Wang) I have tweaked the guts and it now runs much, much faster:

video >> frame;
if ( !frame.empty() ) {
	ALLEGRO_LOCKED_REGION *region = al_lock_bitmap(image, ALLEGRO_PIXEL_FORMAT_ANY, ALLEGRO_LOCK_WRITEONLY);
	for ( int y = 0; y < [height]; y++ ) {
		for ( int x = 0; x < [width]; x++ ) {
			uint32_t *ptr32 = (uint32_t *)region->data + x + y * (region->pitch / 4);
			*ptr32 = (frame.data[y * webcam_width * 3 + x * 3 + 0] << 16) | (frame.data[y * webcam_width * 3 + x * 3 + 1] << 8) | (frame.data[y * webcam_width * 3 + x * 3 + 2] << 0);
		}
	}
	al_unlock_bitmap(image);
}

Encrypted Linux Mint 13 and Linux Mint 14 Install

Encrypted Linux Mint 13 and Linux Mint 14 Install

As an updated version of my previous article, here are the steps I took to get an encrypted Linux Mint 14 install. This article should also be used for Linux Mint 13 as I discovered some very minor issues with the old method (seriously, they were so minor I would not bother reinstalling if you were not already planning to).

So, zzzoooooommm:

  • Boot into any Linux Mint 13 or Linux Mint 14 installation disc.
  • Setup our storage:
    • In a terminal install and load the required tools: sudo apt-get install -y cryptsetup lvm2 && sudo modprobe dm-crypt
    • In a terminal partition sda: ( echo "o" ; echo "n" ; echo "p" ; echo "1" ; echo "" ; echo "+256M" ; echo "n" ; echo "p" ; echo "2" ; echo ""; echo ""; echo "w" ) | sudo fdisk /dev/sda
      • Some might call a 256MB /boot partition a bit excessive. Storage is cheap so it does not bother me too much but you could go down to ~64MB or so. Resizing an encrypted partition is not as easy as resizing an unencrypted one so if you are unsure ~128MB might be a better minimum.
      • This will wipe all of sda.
    • [Optional] In a terminal, if you are very paranoid, fill your encrypted partition with random garbage using one of these:
      • Much faster: sudo dd if=/dev/urandom of=/dev/sda2 bs=1M
      • More secure: sudo shred /dev/sda2
    • In a terminal create an encrypted LUKS device: sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/sda2
    • In a terminal open the encrypted device: sudo cryptsetup luksOpen /dev/sda2 system
      If you would like to do multiple installations you can replace system with virtually any name you like so long as you replace it with the same name throughout this article. I suggest you use the inteded hostname either way.
    • In a terminal create your encrypted logical volumes: sudo vgcreate system /dev/mapper/system && sudo lvcreate -n root -l 100%FREE system
    • In a terminal format the partitions: sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system-root
      • I always like to specify -m 0 for both filesystems (turns off the reserved blocks percentage). If everything explodes, for some reason, and I can not boot I can always get in with a LiveCD.
  • Install Linux Mint 14:
    • Open the Install Linux Mint shortcut on the desktop.
    • When asked about the the automatic partitioning select Something else.
    • Select /dev/sda1 and click the Change… button.
      • Under Use as select Ext2 file system.
      • Under Mount point select /boot.
    • Select /dev/mapper/system-root and click the Change… button.
      • Under Use as select Ext4 journaling file system.
      • Under Mount point select /.
    • Make sure /dev/sda is selected for Device for boot loader installation.
    • Click Install Now.
      • When it complains about the swap space just continue as we will do this later.
      • When it complains about the the existing partitions not being formatted just continue. We formatted them in a previous step but if you like you can do it again here to get the installer filesystem defaults.
    • [Optional] When you get to the Who are you screen check Log in automatically. Since you will need to enter a passphrase to unencrypt the disk there is no threat if the machine falls into the wrong hands (there are a lot of ninjas in my apartment). I recommend setting the user password to match the encrypted passphrase for simplicities sake.
    • When the installation is completed and you are prompted to restart select Continue Testing.
  • Ready new Linux Mint 14 installation:
    • In a terminal mount new installation: sudo mount /dev/mapper/system-root /mnt && sudo mount /dev/sda1 /mnt/boot && sudo mount -o bind /dev /mnt/dev && sudo mount -o bind /sys /mnt/sys && sudo mount -t proc proc /mnt/proc
    • In a terminal change into new installation: sudo chroot /mnt
    • In a terminal setup network resolution: echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" >> /etc/resolv.conf
    • In a terminal install and load the required tools: apt-get install -y cryptsetup lvm2
    • In a terminal setup our configuration for booting: echo "system UUID=$(ls -l /dev/disk/by-uuid | grep sda2 | cut -d ' ' -f 9) none luks" > /etc/crypttab && update-initramfs -u -k all
    • [Optional] In a terminal add swap: dd if=/dev/zero of=/swap bs=1M count=$((`free -m | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//'` * 2)) ; chown root:root /swap ; chmod 600 /swap ; mkswap /swap ; echo "/swap none swap sw 0 0" >> /etc/fstab
    • In a terminal change back to LiveCD: exit
    • In a terminal unmount new installation: sudo umount /mnt/proc ; sudo umount /mnt/sys ; sudo umount /mnt/dev ; sudo umount /mnt/boot && sudo umount /mnt
  • Reboot into your new, encrypted installation.

A few notes:

  • If you already have an installation you want to encrypt without a fresh install the steps should be very similar. You will need to setup GRUB 2 yourself as, per this article, the Linux Mint 14 installer does it for you. I have not experimented with it but it should not be too hard to figure out.
  • These instructions may very well work with other distros, too, but I have not tested that.
  • This can all probably be stuck into a script. Maybe I will some time down the road (hell, I do enough of these a month).
Compile Allegro 5.0.x on Linux Mint and Ubuntu

Compile Allegro 5.0.x on Linux Mint and Ubuntu

As a sister article to my Cross Compile Allegro 5 Programs in Linux for Windows post, here are the steps I took to get Allegro 5 installed on Linux Mint 13, Linux Mint 14, and Ubuntu 12.10:

  1. Download and extract the latest .tar.gz-compressed source.
  2. Install the required packages: sudo apt-get install -y cmake g++ freeglut3-dev libxcursor-dev libpng12-dev libjpeg-dev libfreetype6-dev libgtk2.0-dev libasound2-dev libpulse-dev libopenal-dev libflac-dev libdumb1-dev libvorbis-dev libphysfs-dev
    • [Note] Would be a good idea to do a sudo apt-get update first.
  3. Create a workspace: mkdir "build" && cd "build/"
  4. Create make files: cmake "../"
    • [Note] By default cmake will want to configure make for a release shared build. If you want a debug build you will need -DCMAKE_BUILD_TYPE=Debug or -DCMAKE_BUILD_TYPE=Profile for a profiling build.
  5. Compile: make
    • [Optional] By default make will not eat up all the processing power it can. Add -j# to change this behavior, where # is the number of job you would like to have running in parallel. If you machine is more or less idle the number of processors available should not hurt anything. If you are using your machine you might want to some half that number instead.
  6. Install to respective paths: sudo make install && sudo ldconfig
    • [Optional] Recommended if you are unsure as to why this step is optional.

If you want to compile an Allegro 5 C++ application– assuming you completed all the steps above and have g++ installed– you can run g++ [source file(s)] -o [output] `pkg-config --libs allegro-5.0`. There are, of course, many more Allegro 5 add-ons (check out pkg-config --list-all | grep allegro) but I will leave using those up to you to discover on your own.

As of this writing Allegro 5 v5.0.8 was the latest version.

Update 2012.11.28
Seems I already had some things installed from some other projects so I did not notice some missing dependencies. Thanks to weapon_S and sorry about that.

Shutting Down Windows 7 Without Installing Updates

Shutting Down Windows 7 Without Installing Updates

With the exception my gaming machine I have abandoned Windows. Still, however, I do some times deal with it.

One of the more common annoyances is trying to shutdown when Windows has downloaded, but not installed, updates. In this case Windows may take forever and a day to finally cut the power. If you need to go somewhere in a rush, this blows. If you are on a laptop and the battery is about to die you are better off with hibernation (which has to be enabled, takes up a decent amount of disk space, and has its own problems), putting the machine to sleep (which has its own problems), or just letting it die at the desktop. If you interrupt the update process– say, because it has been nearly 30 minutes– you risk explodeorizing your install.

There is an option built into Windows 7 that will allow you to add an ‘Install Updates And Shut Down’ in Shut Down Windows dialog box option. For some reason it is not enabled by default, but that is pretty easy to take care of:

  • Start, Run, enter gpedit.msc.
  • Surf over to User Configuration, Administrative Templates, Windows Components, Windows Update.
  • Edit Do not adjust default option to ‘Install Updates And Shut Down’ in Shut Down Windows dialog box to be Enabled. Make sure Do not display ‘Install Updates and Shut Down’ Option in Shut Down Windows dialog box is not set to Enabled.

The option will only appear when there are updates that need installing. You could also change your Windows Update settings but if you got here you probably are not interested in doing that.

I have not tested this with other versions of Windows. I assume this applies to Vista/Server 2008 and up but do not hold me to that.

Encrypted Linux Mint 13 Install

Encrypted Linux Mint 13 Install

Check out my other article instead of this one.

Unity is a nice interface which is becoming increasingly polished. As a matter of fact I have switched a number of family members over and they are loving it. It, however, is seriously flawed for “power users” like myself. For example, I often have many text editors open at once and Unity slows me way down (yes, I lived in it for at least one month to give it a fair chance, no this is not an article about why I dislike Unity for my own use).

I have since moved over to Linux Mint 13 with Mate. Since I hate the idea of having any of my data unencrypted, and Linux Mint 13 does not support it in the installer, I needed a solution. I even held off installing it on all my machines until I could ensure my useless collection of funny pictures were protected from… some… scary, funny picture-related threat.

Any way, we should get started before I start looking at those pictures for the rest of the day. I am going to assume sda here but if you want to use another disk simply substitute for that.

Here we go:

  • Boot into any Linux Mint 13 installation disc.
  • Setup our storage:
    • In a terminal install and load the required tools: sudo apt-get install -y cryptsetup lvm2 && sudo modprobe dm-crypt
    • In a terminal partition sda: ( echo "o" ; echo "n" ; echo "p" ; echo "1" ; echo "" ; echo "+256M" ; echo "n" ; echo "p" ; echo "2" ; echo ""; echo ""; echo "w" ) | sudo fdisk /dev/sda
      • Some might call a 256MB /boot partition a bit excessive. Storage is cheap so it does not bother me too much but you could down down to ~64MB or so. Resizing an encrypted partition is not as easy as resizing an unencrypted one so if you are unsure ~128MB might be a better minimum.
      • This will wipe all of sda.
    • [Optional] In a terminal, if you are very paranoid, fill your encrypted partition with random garbage using one of these:
      • Much faster: sudo dd if=/dev/urandom of=/dev/sda2 bs=1M
      • More secure: sudo shred /dev/sda2
    • In a terminal create an encrypted LUKS device: sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/sda2
    • In a terminal open the encrypted device: sudo cryptsetup luksOpen /dev/sda2 system
      If you would like to do multiple installations you can replace system with virtually any name you like so long as you replace it with the same name throughout this article.
    • In a terminal format the partitions: sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system
      • I always like to specify -m 0 for both filesystems (turns off the reserved blocks percentage). If everything explodes, for some reason, and I can not boot I can always get in with a LiveCD.
  • Install Linux Mint 13:
    • Open the Install Linux Mint shortcut on the desktop.
    • When asked about the the automatic partitioning select Something else.
    • Select /dev/sda1 and click the Change… button.
      • Under Use as select Ext2 file system.
      • Under Mount point select /boot.
    • Select /dev/mapper/system and click the Change… button.
      • Under Use as select Ext4 journaling file system.
      • Under Mount point select /.
    • Make sure /dev/sda is selected for Device for boot loader installation.
    • Click Install Now.
      • When it complains about the swap space just continue as we will do this later.
      • When it complains about the the existing partitions not being formatted just continue. We formatted them in a previous step but if you like you can do it again here to get the Linux Mint 13 filesystem defaults.
    • [Optional] When you get to the Who are you screen check Log in automatically. Since you will need to enter a passphrase to unencrypt the disk there is no threat if the machine falls into the wrong hands (there are a lot of ninjas in my apartment). I recommend setting the user password to match the encrypted passphrase for simplicities sake.
    • When the installation is completed and you are prompted to restart select Continue Testing.
  • Ready new Linux Mint 13 installation:
    • In a terminal mount new installation: sudo mount /dev/mapper/system /mnt && sudo mount /dev/sda1 /mnt/boot && sudo mount -o bind /dev /mnt/dev ; sudo mount -t proc proc /mnt/proc ; sudo mount -t sysfs sys /mnt/sys
    • In a terminal change into new installation: sudo chroot /mnt /bin/bash
    • [Optional] In a terminal update out-dated pakcages: apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get clean
    • In a terminal install and load the required tools: apt-get install -y cryptsetup lvm2 && echo "system UUID=$(ls -l /dev/disk/by-uuid | grep $(basename /dev/sda2) | cut -d ' ' -f 10) none luks" >> /etc/crypttab && update-initramfs -u -k all
    • [Optional] In a terminal add swap: apt-get install zram-config ; dd if=/dev/zero of=/swap bs=1M count=$((`free -m | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//'` * 2)) ; chown root:root /swap ; chmod 600 /swap ; mkswap /swap ; echo "/swap none swap sw 0 0" >> /etc/fstab
      • I often only run with zRam but it is rarely a bad idea to also have a disk-backed swap.
    • In a terminal change back to LiveCD: exit
    • In a terminal unmount new installation: sudo umount /mnt/sys ; sudo umount /mnt/proc ; sudo umount /mnt/dev ; sudo umount /mnt/boot && sudo umount /mnt && sudo cryptsetup luksClose system
  • Reboot into your new, encrypted Linux Mint 13 installation.

A few notes:

  • If you already have an installation you want to encrypt without a fresh install the steps should be very similar. You will need to setup GRUB 2 yourself as, per this article, the Linux Mint 13 installer does it for you. I have not experimented with it but it should not be too hard to figure out.
  • These instructions may very well work with other distros, too, but I have not tested that.
  • This can all probably be stuck into a script. Maybe I will some time down the road (hell, I do enough of these a month).

Update 2012.09.25
I should proof read more gooder. Sorry about that.