Difference between pages "Keychain" and "Install/de/Partitioning"

(Difference between pages)
 
(Einleitung)
 
Line 1: Line 1:
{{Article
+
<noinclude>
|Subtitle=Official Project Page
+
{{InstallPart|the process of partitioning and filesystem creation}}
|Author=Drobbins
+
</noinclude>
}}
+
===Vorbereiten der Festplatte ===
<tt>Keychain</tt> helps you to manage SSH and GPG keys in a convenient and secure manner. It acts as a frontend to <tt>ssh-agent</tt> and <tt>ssh-add</tt>, but allows you to easily have one long running <tt>ssh-agent</tt> process per system, rather than the norm of one <tt>ssh-agent</tt> per login session.
+
  
This dramatically reduces the number of times you need to enter your passphrase. With <tt>keychain</tt>, you only need to enter a passphrase once every time your local machine is rebooted. <tt>Keychain</tt> also makes it easy for remote cron jobs to securely &quot;hook in&quot; to a long running <tt>ssh-agent</tt> process, allowing your scripts to take advantage of key-based logins.
+
Diese Sektion handelt über die verschiedenen Möglichkeiten Funtoo Linux auf einer Festplatte zu installieren und zu booten.
  
== Download and Resources ==
+
==== Einleitung ====
  
The latest release of keychain is version <tt>2.7.2_beta1</tt>, and was released on July 7, 2014. The current version of keychain supports <tt>gpg-agent</tt> as well as <tt>ssh-agent</tt>.
+
Früher gab es nur eine Variante einen PC zu booten, alle Desktop- und Servercomputer hatten einen voreingestellten PC  BIOS, alle Festplatten nutzten den Master Boot Record (MBR) um das System zu booten und unsere Festplatten waren  mit dem MBR Partitionsschema in verschiedene Regionen partitioniert. Das war einfach wie's gemacht wurde. Und uns gefiel es!
  
Keychain is compatible with many operating systems, including <tt>AIX</tt>, <tt>*BSD</tt>, <tt>Cygwin</tt>, <tt>MacOS X</tt>, <tt>Linux</tt>, <tt>HP/UX</tt>, <tt>Tru64 UNIX</tt>, <tt>IRIX</tt>, <tt>Solaris</tt> and <tt>GNU Hurd</tt>.
+
Dann kamen EFI und UEFI, neue firmware designt das System zu booten, gemeinsam mit GTP Partitionstabellen um Partitionen auf Festplatten größer als 2.2TB zu definieren.
 +
Plötzlich haben wir eine breite Wahl von Optionen, Linux Systeme zu installieren und zu booten. Damit haben wir nun eine komplexere Situation als damals.
  
=== Download ===
+
Nehmen wir einen Moment um die verfügbaren Optionen, zur Konfiguration der Festplatte um Linux zu booten, zu besprechen.
 +
Diese Installationsanleitung nutzt und empfiehlt die old-school Methode des BIOS bootens mit hilfe des MBR. Es funktioniert und (außer in seltenen Fällen) ist universal unterstützt.
 +
Mit dieser Methode ist nichts falsch, solange deine Systemfestplatte nur bis zu 2TB groß ist. Solange wird diese Methode die volle Kapazität deiner Festplatte nutzen.
  
* ''Release Archive''
+
Es gibt aber einige Situationen, in denen diese old-school Methode nicht optimal ist. Falls du eine Systemfestplatte >2TB hast, dann erlauben dir MBR Partitionen keinen Zugang zum gesamten Speicher.
** [http://www.funtoo.org/distfiles/keychain/keychain-2.7.2_beta1.tar.bz2 keychain 2.7.2_beta1]
+
Das ist also ein Grund gegen diese Methode. Ein Weiterer ist, dass es "PC" Systeme gibt, welche das booten via BIOS nicht mehr unterstützen und dich zwingen via UEFI zu booten.
** [http://www.funtoo.org/distfiles/keychain/keychain-2.7.1.tar.bz2 keychain 2.7.1]
+
Aus Mitleid für die PC-Nutzer, die in diese Zwickmühle geraten, decken wir das Booten via UEFI zusätzlich in dieser Installationsanleitung ab .  
  
* ''Apple MacOS X Packages''
+
Unsere empfehlung ist immer noch die old-school Methode, es seiden du hast Gründe dagegen.
** [http://www.funtoo.org/distfiles/keychain/keychain-2.7.1-macosx.tar.gz keychain 2.7.1 MacOS X package]
+
Der Bootloader, den wir nutzen um den Linux Kernel zu laden, heißt GRUB. Also nennen wir die Methode  '''BIOS + GRUB(MBR) ''' Methode.
 +
Es ist die traditionelle Methode um ein Linux System bootbar zu machen.  
  
Keychain development sources can be found in the [http://www.github.com/funtoo/keychain keychain git repository]. Please use the [https://bugs.funtoo.org Funtoo Linux bug tracker] and [irc://irc.freenode.net/funtoo #funtoo irc channel] for keychain support questions as well as bug reports.
+
Falls du via UEFI booten willst, empfehlen wir dir nicht den MBR zum booten zu nutzen, was nur manche Systeme unterstützen, sondern wir empfehlen UEFI zu nutzen um GRUB zu laden.
 +
GRUB wird dann das Linux System booten. Wir referenzieren zu dieser Methode mit '''UEFI + GRUB (GPT)'''.
  
=== Project History ===
+
Und ja, es gibt noch weitere Methoden, von denen einige auf der [[Boot Methods]] Seite dokumentiert sind.
 +
Unsere Empfehlung war immer die  '''BIOS + GRUB (GPT)'' Methode, welche allerdings nun nicht mehr konsistent und hardwareübergreifend unterstützt wird.
  
Daniel Robbins originally wrote <tt>keychain</tt> 1.0 through 2.0.3. 1.0 was written around June 2001, and 2.0.3 was released in late August, 2002.
+
'''Die größte Frage ist immer -- Welche Bootmethode sollst du nutzen?''' Hier ist mein Gedankengang.
  
After 2.0.3, <tt>keychain</tt> was maintained by various Gentoo developers, including Seth Chandler, Mike Frysinger and Robin H. Johnson, through July 3, 2003.
+
;Grundsatz 1 - Old School: Falls du verlässlich via System Rescue CD booten kannst und dir ein leicht blaues Menü angezeigt wird, dann bootet die CD via BIOS und es ist sehr wahrscheinlich, das du auch Funtoo Linux via BIOS booten kannst. Also gehe old-school und nutze diese Methode, es sei denn du hast Gründe via UEFI zu booten. Zum Beispiel eine Systemfestplatte >2.2TB  In diesem Fall beachte Grundsatz 2, wenn dein System UEFI unterstützt.
  
On April 21, 2004, Aron Griffis committed a major rewrite of <tt>keychain</tt> which was released as 2.2.0. Aron continued to actively maintain and improve <tt>keychain</tt> through October 2006 and the <tt>keychain</tt> 2.6.8 release. He also made a few commits after that date, up through mid-July, 2007. At this point, <tt>keychain</tt> had reached a point of maturity.
+
;Grundsatz 2 - New School: Falls du verlässlich via System Rescue CD booten kannst und dir ein schwarz und weißes Menü, --Glückwunsch, dein System ist konfiguriert UEFI zu unterstützen. Das bedeutet das du bereit bist Funtoo Linux einzurichten um via UEFI zu booten. Dein System könnte immer noch das Booten übers BIOS unterstützen, aber versuch es einfach mal mit UEFI als erstes. Du kannst in deiner BIOS Konfiguration herum stochern und damit spielen.  
  
In mid-July, 2009, Daniel Robbins migrated Aron's mercurial repository to git and set up a new project page on funtoo.org, and made a few bug fix commits to the git repo that had been collecting in [http://bugs.gentoo.org bugs.gentoo.org]. Daniel continues to maintain <tt>keychain</tt> and supporting documentation on funtoo.org, and plans to make regular maintenance releases of <tt>keychain</tt> as needed.
+
;Was ist der große Unterschied zwischen Old School und New School?: Hier ist der Deal. Falls du mit old-school MBR Partitionen gehst, deine <code>/boot</code> Partition wird ein ext2 Dateisystem haben, und du wirst <code>fdisk</code>nutzen um MBR Partitionen zu erstellen. Fallse du mit new-school GPT Partitionen und booten via UEFI gehst, wird deine <code>/boot</code> Partition ein  vfat Dateisystem haben, da UEFI dies lesen kann,außerdem wirst du <code>gdisk</code> nutzen um GPT Partitionen zu erstellen. Und du wirst GRUB ein wenig anders installieren. Das ist alles was es zu wissen gibt, für den Fall das du neugierig warst.
  
== Quick Setup ==
+
;Also Note: To install Funtoo Linux to boot via the New School UEFI method, you must boot System Rescue CD using UEFI -- and see an initial black and white screen. Otherwise, UEFI will not be active and you will not be able to set it up!
  
=== Linux ===
+
{{Note|'''Einige motherboards unterstützen UEFI nicht richtig.''' Informiere dich. Zum Beispiel, das Award BIOS in meinem Gigabyte GA-990FXA-UD7 rev 1.1 hat eine Option das Booten via UEFI für CD/DVD zu aktivieren. '''Das ist aber nicht ausreichend um UEFI für Festplatten zu nutzen und Funtoo Linux zu installieren.''' UEFI muss für entfernbare Datenträger und fixierte Datenträger unterstützt werden. (Damit du deine neue Funtoo Installation booten kannst) Tatsächlich hagen die neueren revisionen des boards(rev 3.0) volle UEFI unterstützung. Das ist der wichtigste Punkt des dritten Grundsatzes -- kenne die Hardware. }}
 +
 
 +
==== Old-School (BIOS/MBR) Method ====
 +
 
 +
{{Note|Use this method if you are booting using your BIOS, and if your System Rescue CD initial boot menu was light blue. If you're going to use the new-school method, [[#New-School (UEFI/GPT) Method|click here to jump down to UEFI/GPT.]]}}
 +
 
 +
===== Preparation =====
 +
 
 +
First, it's a good idea to make sure that you've found the correct hard disk to partition. Try this command and verify that <code>/dev/sda</code> is the disk that you want to partition:
  
To install under Gentoo or Funtoo Linux, type
 
 
<console>
 
<console>
###i## emerge keychain
+
# ##i##fdisk -l /dev/sda
 +
 
 +
Disk /dev/sda: 640.1 GB, 640135028736 bytes, 1250263728 sectors
 +
Units = sectors of 1 * 512 = 512 bytes
 +
Sector size (logical/physical): 512 bytes / 512 bytes
 +
I/O size (minimum/optimal): 512 bytes / 512 bytes
 +
Disk label type: gpt
 +
 
 +
 
 +
#        Start          End    Size  Type            Name
 +
1        2048  1250263694  596.2G  Linux filesyste Linux filesystem
 
</console>
 
</console>
  
For other Linux distributions, use your distribution's package manager, or download and install using the source tarball above. Then generate RSA/DSA keys if necessary. The quick install docs assume you have a DSA key pair named <tt>id_dsa</tt> and <tt>id_dsa.pub</tt> in your <tt>~/.ssh/</tt> directory. Add the following to your <tt>~/.bash_profile</tt>:
+
Now, it's recommended that you erase any existing MBR or GPT partition tables on the disk, which could confuse the system's BIOS at boot time. We do this using <code>sgdisk</code>:
 +
{{fancywarning|This will make any existing partitions inaccessible! You are '''strongly''' cautioned and advised to backup any critical data before proceeding.}}
  
{{file|name=~/.bash_profile|body=
+
<console>
eval `keychain --eval --agents ssh id_rsa`
+
# ##i##sgdisk --zap-all /dev/sda
}}
+
  
If you want to take advantage of GPG functionality, ensure that GNU Privacy Guard is installed and omit the <tt>--agents ssh</tt> option above.
+
Creating new GPT entries.
 +
GPT data structures destroyed! You may now partition the disk using fdisk or
 +
other utilities.
 +
</console>
  
=== Apple MacOS X ===
+
This output is also nothing to worry about, as the command still succeded:
  
To install under MacOS X, install the MacOS X package for keychain. Assuming you have an <tt>id_dsa</tt> and <tt>id_dsa.pub</tt> key pair in your <tt>~/.ssh/</tt> directory, add the following to your <tt>~/.bash_profile</tt>:
+
<console>
 +
***************************************************************
 +
Found invalid GPT and valid MBR; converting MBR to GPT format
 +
in memory.  
 +
***************************************************************
 +
</console>
  
{{file|name=~/.bash_profile|body=
+
===== Partitioning =====
eval `keychain --eval --agents ssh --inherit any id_dsa`
+
}}
+
  
{{Fancynote|The <tt>--inherit any</tt> option above causes keychain to inherit any ssh key passphrases stored in your Apple MacOS Keychain. If you would prefer for this to not happen, then this option can be omitted.}}
+
Now we will use <code>fdisk</code> to create the MBR partition table and partitions:
  
== Background ==
+
<console>
 +
# ##i##fdisk /dev/sda
 +
</console>
  
You're probably familiar with <tt>ssh</tt>, which has become a secure replacement for the venerable <tt>telnet</tt> and <tt>rsh</tt> commands.
+
Within <code>fdisk</code>, follow these steps:
  
Typically, when one uses <tt>ssh</tt> to connect to a remote system, one supplies a secret passphrase to <tt>ssh</tt>, which is then passed in encrypted form over the network to the remote server. This passphrase is used by the remote <tt>sshd</tt> server to determine if you should be granted access to the system.
+
'''Empty the partition table''':
  
However, OpenSSH and nearly all other SSH clients and servers have the ability to perform another type of authentication, called asymmetric public key authentication, using the RSA or DSA authentication algorithms. They are very useful, but can also be complicated to use. <tt>keychain</tt> has been designed to make it easy to take advantage of the benefits of RSA and DSA authentication.
+
<console>
 +
Command (m for help): ##i##o ↵
 +
</console>
  
== Generating a Key Pair ==
+
'''Create Partition 1''' (boot):
  
To use RSA and DSA authentication, first you use a program called <tt>ssh-keygen</tt> (included with OpenSSH) to generate a ''key pair'' -- two small files. One of the files is the ''public key''. The other small file contains the ''private key''. <tt>ssh-keygen</tt> will ask you for a passphrase, and this passphrase will be used to encrypt your private key. You will need to supply this passphrase to use your private key. If you wanted to generate a DSA key pair, you would do this:
+
<console>
 +
Command (m for help): ##i##n ↵
 +
Partition type (default p): ##i##↵
 +
Partition number (1-4, default 1): ##i##↵
 +
First sector: ##i##↵
 +
Last sector: ##i##+128M ↵
 +
</console>
  
<console># ##i##ssh-keygen -t dsa
+
'''Create Partition 2''' (swap):
Generating public/private dsa key pair.</console>
+
You would then be prompted for a location to store your key pair. If you do not have one currently stored in <tt>~/.ssh</tt>, it is fine to accept the default location:
+
  
<console>Enter file in which to save the key (/root/.ssh/id_dsa): </console>
+
<console>
Then, you are prompted for a passphrase. This passphrase is used to encrypt the ''private key'' on disk, so even if it is stolen, it will be difficult for someone else to use it to successfully authenticate as you with any accounts that have been configured to recognize your public key.
+
Command (m for help): ##i##n ↵
 +
Partition type (default p): ##i##↵
 +
Partition number (2-4, default 2): ##i##↵
 +
First sector: ##i##↵
 +
Last sector: ##i##+2G ↵
 +
Command (m for help): ##i##t ↵
 +
Partition number (1,2, default 2): ##i## ↵
 +
Hex code (type L to list all codes): ##i##82 ↵
 +
</console>
  
Note that conversely, if you '''do not''' provide a passphrase for your private key file, then your private key file '''will not''' be encrypted. This means that if someone steals your private key file, ''they will have the full ability to authenticate with any remote accounts that are set up with your public key.''
+
'''Create the root partition:'''
  
Below, I have supplied a passphrase so that my private key file will be encrypted on disk:
+
<console>
 +
Command (m for help): ##i##n ↵
 +
Partition type (default p): ##i##↵
 +
Partition number (3,4, default 3): ##i##↵
 +
First sector: ##i##↵
 +
Last sector: ##i##↵
 +
</console>
  
<console>Enter passphrase (empty for no passphrase): ##i#########
+
'''Verify the partition table:'''
Enter same passphrase again: ##i#########
+
Your identification has been saved in /var/tmp/id_dsa.
+
Your public key has been saved in /var/tmp/id_dsa.pub.
+
The key fingerprint is:
+
5c:13:ff:46:7d:b3:bf:0e:37:1e:5e:8c:7b:a3:88:f4 root@devbox-ve
+
The key's randomart image is:
+
+--[ DSA 1024]----+
+
|          .      |
+
|          o  . |
+
|          o . ..o|
+
|      . . . o  +|
+
|        S    o. |
+
|            . o.|
+
|        .  ..++|
+
|        . o . =o*|
+
|        . E .+*.|
+
+-----------------+</console>
+
  
== Setting up Authentication ==
+
<console>
 +
Command (m for help): ##i##p
  
Here's how you use these files to authenticate with a remote server. On the remote server, you would append the contents of your ''public key'' to the <tt>~.ssh/authorized_keys</tt> file, if such a file exists. If it doesn't exist, you can simply create a new <tt>authorized_keys</tt> file in the remote account's <tt>~/.ssh</tt> directory that contains the contents of your local <tt>id_dsa.pub</tt> file.
+
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
 +
Units: sectors of 1 * 512 = 512 bytes
 +
Sector size (logical/physical): 512 bytes / 512 bytes
 +
I/O size (minimum/optimal): 512 bytes / 512 bytes
 +
Disklabel type: dos
 +
Disk identifier: 0x82abc9a6
  
Then, if you weren't going to use <tt>keychain</tt>, you'd perform the following steps. On your local client, you would start a program called <tt>ssh-agent</tt>, which runs in the background. Then you would use a program called <tt>ssh-add</tt> to tell <tt>ssh-agent</tt> about your secret private key. Then, if you've set up your environment properly, the next time you run <tt>ssh</tt>, it will find <tt>ssh-agent</tt> running, grab the private key that you added to <tt>ssh-agent</tt> using <tt>ssh-add</tt>, and use this key to authenticate with the remote server.
+
Device    Boot    Start      End    Blocks  Id System
 +
/dev/sda1          2048    264191    131072  83 Linux
 +
/dev/sda2        264192  4458495  2097152  82 Linux swap / Solaris
 +
/dev/sda3        4458496 625142447 310341976  83 Linux
 +
</console>
  
Again, the steps in the previous paragraph is what you'd do if <tt>keychain</tt> wasn't around to help. If you are using <tt>keychain</tt>, and I hope you are, you would simply add the following line to your <tt>~/.bash_profile</tt> or if a regular user to<tt>~/.bashrc</tt> :
+
'''Write the parition table to disk:'''
  
{{file|name=~/.bash_profile|body=
+
<console>
eval `keychain --eval id_dsa`
+
Command (m for help): ##i##w
}}
+
</console>
  
The next time you log in or source your <tt>~/.bash_profile</tt> or if you use <tt>~/.bashrc</tt>, <tt>keychain</tt> will start, start <tt>ssh-agent</tt> for you if it has not yet been started, use <tt>ssh-add</tt> to add your <tt>id_dsa</tt> private key file to <tt>ssh-agent</tt>, and set up your shell environment so that <tt>ssh</tt> will be able to find <tt>ssh-agent</tt>. If <tt>ssh-agent</tt> is already running, <tt>keychain</tt> will ensure that your <tt>id_dsa</tt> private key has been added to <tt>ssh-agent</tt> and then set up your environment so that <tt>ssh</tt> can find the already-running <tt>ssh-agent</tt>. It will look something like this:
+
Your new MBR partition table will now be written to your system disk.
  
Note that when <tt>keychain</tt> runs for the first time after your local system has booted, you will be prompted for a passphrase for your private key file if it is encrypted. But here's the nice thing about using <tt>keychain</tt> -- even if you are using an encrypted private key file, you will only need to enter your passphrase when your system first boots (or in the case of a server, when you first log in.) After that, <tt>ssh-agent</tt> is already running and has your decrypted private key cached in memory. So if you open a new shell, you will see something like this:
+
{{Note|You're done with partitioning! Now, jump over to [[#Creating filesystems|Creating filesystems]].}}
  
This means that you can now <tt>ssh</tt> to your heart's content, without supplying a passphrase.
+
==== New-School (UEFI/GPT) Method ====
  
You can also execute batch <tt>cron</tt> jobs and scripts that need to use <tt>ssh</tt> or <tt>scp</tt>, and they can take advantage of passwordless RSA/DSA authentication as well. To do this, you would add the following line to the top of a bash script:
+
{{Note|Use this method if you are booting using UEFI, and if your System Rescue CD initial boot menu was black and white. If it was light blue, this method will not work.}}
  
{{file|name=example-script.sh|body=
+
The <tt>gdisk</tt> commands to create a GPT partition table are as follows. Adapt sizes as necessary, although these defaults will work for most users. Start <code>gdisk</code>:
eval `keychain --noask --eval id_dsa` || exit 1
+
}}
+
  
The extra <tt>--noask</tt> option tells <tt>keychain</tt> that it should not prompt for a passphrase if one is needed. Since it is not running interactively, it is better for the script to fail if the decrypted private key isn't cached in memory via <tt>ssh-agent</tt>.
+
<console>
 +
# ##i##gdisk /dev/sda
 +
</console>
  
== Keychain Options ==
+
Within <tt>gdisk</tt>, follow these steps:
  
=== Specifying Agents ===
+
'''Create a new empty partition table''' (This ''will'' erase all data on the disk when saved):
  
In the images above, you will note that <tt>keychain</tt> starts <tt>ssh-agent</tt>, but also starts <tt>gpg-agent</tt>. Modern versions of <tt>keychain</tt> also support caching decrypted GPG keys via use of <tt>gpg-agent</tt>, and will start <tt>gpg-agent</tt> by default if it is available on your system. To avoid this behavior and only start <tt>ssh-agent</tt>, modify your <tt>~/.bash_profile</tt> as follows:
+
<console>
 +
Command: ##i##o ↵
 +
This option deletes all partitions and creates a new protective MBR.
 +
Proceed? (Y/N): ##i##y ↵
 +
</console>
  
{{file|name=~/.bash_profile|body=
+
'''Create Partition 1''' (boot):
eval `keychain --agents ssh --eval id_dsa` || exit 1
+
}}
+
  
The additional <tt>--agents ssh</tt> option tells <tt>keychain</tt> just to manage <tt>ssh-agent</tt>, and ignore <tt>gpg-agent</tt> even if it is available.
+
<console>
 +
Command: ##i##n ↵
 +
Partition Number: ##i##1 ↵
 +
First sector: ##i##↵
 +
Last sector: ##i##+500M ↵
 +
Hex Code: ##i##↵
 +
</console>
  
=== Clearing Keys ===
+
'''Create Partition 2''' (swap):
  
Sometimes, it might be necessary to flush all cached keys in memory. To do this, type:
+
<console>
 +
Command: ##i##n ↵
 +
Partition Number: ##i##2 ↵
 +
First sector: ##i##↵
 +
Last sector: ##i##+4G ↵
 +
Hex Code: ##i##8200 ↵
 +
</console>
  
<console># ##i##keychain --clear</console>
+
'''Create Partition 3''' (root):
Any agent(s) will continue to run.
+
  
=== Improving Security ===
+
<console>
 +
Command: ##i##n ↵
 +
Partition Number: ##i##3 ↵
 +
First sector: ##i##↵
 +
Last sector: ##i##↵##!i## (for rest of disk)
 +
Hex Code: ##i##↵
 +
</console>
 +
 
 +
Along the way, you can type "<tt>p</tt>" and hit Enter to view your current partition table. If you make a mistake, you can type "<tt>d</tt>" to delete an existing partition that you created. When you are satisfied with your partition setup, type "<tt>w</tt>" to write your configuration to disk:
 +
 
 +
'''Write Partition Table To Disk''':
 +
 
 +
<console>
 +
Command: ##i##w ↵
 +
Do you want to proceed? (Y/N): ##i##Y ↵
 +
</console>
 +
 
 +
The partition table will now be written to disk and <tt>gdisk</tt> will close.
  
To improve the security of <tt>keychain</tt>, some people add the <tt>--clear</tt> option to their <tt>~/.bash_profile</tt> <tt>keychain</tt> invocation. The rationale behind this is that any user logging in should be assumed to be an intruder until proven otherwise. This means that you will need to re-enter any passphrases when you log in, but cron jobs will still be able to run when you log out.
+
Now, your GPT/GUID partitions have been created, and will show up as the following ''block devices'' under Linux:
  
=== Stopping Agents ===
+
* <tt>/dev/sda1</tt>, which will be used to hold the <tt>/boot</tt> filesystem,
 +
* <tt>/dev/sda2</tt>, which will be used for swap space, and
 +
* <tt>/dev/sda3</tt>, which will hold your root filesystem.
  
If you want to stop all agents, which will also of course cause your keys/identities to be flushed from memory, you can do this as follows:
+
==== Creating filesystems ====
  
<console># ##i##keychain -k all</console>
+
{{Note|This section covers both BIOS ''and'' UEFI installs. Don't skip it!}}
If you have other agents running under your user account, you can also tell <tt>keychain</tt> to just stop only the agents that <tt>keychain</tt> started:
+
  
<console># ##i##keychain -k mine</console>
+
Before your newly-created partitions can be used, the block devices need to be initialized with filesystem ''metadata''. This process is known as ''creating a filesystem'' on the block devices. After filesystems are created on the block devices, they can be mounted and used to store files.
  
=== GPG ===
+
Let's keep this simple. Are you using old-school MBR partitions? If so, let's create an ext2 filesystem on /dev/sda1:
  
Keychain can ask you for your GPG passphrase if you provide it the GPG key ID. To find it out:
 
 
<console>
 
<console>
$##i## gpg -k
+
# ##i##mkfs.ext2 /dev/sda1
pub  2048R/DEADBEEF 2012-08-16
+
uid                  Name (Comment) <email@host.tld>
+
sub  2048R/86D2FAC6 2012-08-16
+
 
</console>
 
</console>
  
Note the '''DEADBEEF''' above is the ID. Then, in your login script, do your usual
+
If you're using new-school GPT partitions for UEFI, you'll want to create a vfat filesystem on /dev/sda1, because this is what UEFI is able to read:
  
 
<console>
 
<console>
$##i## keychain --dir ~/.ssh/.keychain ~/.ssh/id_rsa DEADBEEF
+
# ##i##mkfs.vfat -F 32 /dev/sda1
$##i## source ~/.ssh/.keychain/$HOST-sh
+
$##i## source ~/.ssh/.keychain/$HOST-sh-gpg
+
 
</console>
 
</console>
  
=== Learning More ===
+
Now, let's create a swap partition. This partition will be used as disk-based virtual memory for your Funtoo Linux system.
  
The instructions above will work on any system that uses <tt>bash</tt> as its default shell, such as most Linux systems and Mac OS X.
+
You will not create a filesystem on your swap partition, since it is not used to store files. But it is necessary to initialize it using the <code>mkswap</code> command. Then we'll run the <code>swapon</code> command to make your newly-initialized swap space immediately active within the live CD environment, in case it is needed during the rest of the install process:
  
To learn more about the many things that <tt>keychain</tt> can do, including alternate shell support, consult the keychain man page, or type <tt>keychain --help | less</tt> for a full list of command options.
+
<console>
 +
# ##i##mkswap /dev/sda2
 +
# ##i##swapon /dev/sda2
 +
</console>
  
I also recommend you read my original series of articles about [http://www.openssh.com OpenSSH] that I wrote for IBM developerWorks, called <tt>OpenSSH Key Management</tt>. Please note that <tt>keychain</tt> 1.0 was released along with Part 2 of this article, which was written in 2001. <tt>keychain</tt> has changed quite a bit since then. In other words, read these articles for the conceptual and [http://www.openssh.com OpenSSH] information, but consult the <tt>keychain</tt> man page for command-line options and usage instructions :)
+
Now, we need to create a root filesystem. This is where Funtoo Linux will live. We generally recommend ext4 or XFS root filesystems. If you're not sure, choose ext4. Here's how to create a root ext4 filesystem:
  
* [http://www.ibm.com/developerworks/library/l-keyc.html Common Threads: OpenSSH key management, Part 1] - Understanding RSA/DSA Authentication
+
<console>
* [http://www.ibm.com/developerworks/library/l-keyc2/ Common Threads: OpenSSH key management, Part 2] - Introducing <tt>ssh-agent</tt> and <tt>keychain</tt>
+
# ##i##mkfs.ext4 /dev/sda3
* [http://www.ibm.com/developerworks/library/l-keyc3/ Common Threads: OpenSSH key management, Part 3] - Agent forwarding and <tt>keychain</tt> improvements
+
</console>
  
As mentioned at the top of the page, <tt>keychain</tt> development sources can be found in the [http://www.github.com/funtoo/keychain keychain git repository]. Please use the [http://groups.google.com/group/funtoo-dev funtoo-dev mailing list] and [irc://irc.freenode.net/funtoo #funtoo irc channel] for keychain support questions as well as bug reports.
+
...and here's how to create an XFS root filesystem, if you choose to use XFS:
  
[[Category:HOWTO]]
+
<console>
[[Category:Projects]]
+
# ##i##mkfs.xfs /dev/sda3
[[Category:First Steps]]
+
</console>
[[Category:Articles]]
+
 
{{ArticleFooter}}
+
Your filesystems (and swap) have all now been initialized, so that that can be mounted (attached to your existing directory heirarchy) and used to store files. We are ready to begin installing Funtoo Linux on these brand-new filesystems.
 +
 
 +
{{fancywarning|1=
 +
When deploying an OpenVZ host, please use ext4 exclusively. The Parallels development team tests extensively with ext4, and modern versions of <code>openvz-rhel6-stable</code> are '''not''' compatible with XFS, and you may experience kernel bugs.
 +
}}
 +
 
 +
==== Mounting filesystems ====
 +
 
 +
Mount the newly-created filesystems as follows, creating <code>/mnt/funtoo</code> as the installation mount point:
 +
 
 +
<console>
 +
# ##i##mkdir /mnt/funtoo
 +
# ##i##mount /dev/sda3 /mnt/funtoo
 +
# ##i##mkdir /mnt/funtoo/boot
 +
# ##i##mount /dev/sda1 /mnt/funtoo/boot
 +
</console>
 +
 
 +
Optionally, if you have a separate filesystem for <code>/home</code> or anything else:
 +
 
 +
<console>
 +
# ##i##mkdir /mnt/funtoo/home
 +
# ##i##mount /dev/sda4 /mnt/funtoo/home
 +
</console>
 +
 
 +
If you have <code>/tmp</code> or <code>/var/tmp</code> on a separate filesystem, be sure to change the permissions of the mount point to be globally-writeable after mounting, as follows:
 +
 
 +
<console>
 +
# ##i##chmod 1777 /mnt/funtoo/tmp
 +
</console>

Revision as of 17:17, January 27, 2015


Note

This is a template that is used as part of the Installation instructions which covers: the process of partitioning and filesystem creation. Templates are being used to allow multiple variant install guides that use most of the same re-usable parts.


Vorbereiten der Festplatte

Diese Sektion handelt über die verschiedenen Möglichkeiten Funtoo Linux auf einer Festplatte zu installieren und zu booten.

Einleitung

Früher gab es nur eine Variante einen PC zu booten, alle Desktop- und Servercomputer hatten einen voreingestellten PC BIOS, alle Festplatten nutzten den Master Boot Record (MBR) um das System zu booten und unsere Festplatten waren mit dem MBR Partitionsschema in verschiedene Regionen partitioniert. Das war einfach wie's gemacht wurde. Und uns gefiel es!

Dann kamen EFI und UEFI, neue firmware designt das System zu booten, gemeinsam mit GTP Partitionstabellen um Partitionen auf Festplatten größer als 2.2TB zu definieren. Plötzlich haben wir eine breite Wahl von Optionen, Linux Systeme zu installieren und zu booten. Damit haben wir nun eine komplexere Situation als damals.

Nehmen wir einen Moment um die verfügbaren Optionen, zur Konfiguration der Festplatte um Linux zu booten, zu besprechen. Diese Installationsanleitung nutzt und empfiehlt die old-school Methode des BIOS bootens mit hilfe des MBR. Es funktioniert und (außer in seltenen Fällen) ist universal unterstützt. Mit dieser Methode ist nichts falsch, solange deine Systemfestplatte nur bis zu 2TB groß ist. Solange wird diese Methode die volle Kapazität deiner Festplatte nutzen.

Es gibt aber einige Situationen, in denen diese old-school Methode nicht optimal ist. Falls du eine Systemfestplatte >2TB hast, dann erlauben dir MBR Partitionen keinen Zugang zum gesamten Speicher. Das ist also ein Grund gegen diese Methode. Ein Weiterer ist, dass es "PC" Systeme gibt, welche das booten via BIOS nicht mehr unterstützen und dich zwingen via UEFI zu booten. Aus Mitleid für die PC-Nutzer, die in diese Zwickmühle geraten, decken wir das Booten via UEFI zusätzlich in dieser Installationsanleitung ab .

Unsere empfehlung ist immer noch die old-school Methode, es seiden du hast Gründe dagegen. Der Bootloader, den wir nutzen um den Linux Kernel zu laden, heißt GRUB. Also nennen wir die Methode BIOS + GRUB(MBR) Methode. Es ist die traditionelle Methode um ein Linux System bootbar zu machen.

Falls du via UEFI booten willst, empfehlen wir dir nicht den MBR zum booten zu nutzen, was nur manche Systeme unterstützen, sondern wir empfehlen UEFI zu nutzen um GRUB zu laden. GRUB wird dann das Linux System booten. Wir referenzieren zu dieser Methode mit UEFI + GRUB (GPT).

Und ja, es gibt noch weitere Methoden, von denen einige auf der Boot Methods Seite dokumentiert sind. Unsere Empfehlung war immer die 'BIOS + GRUB (GPT) Methode, welche allerdings nun nicht mehr konsistent und hardwareübergreifend unterstützt wird.

Die größte Frage ist immer -- Welche Bootmethode sollst du nutzen? Hier ist mein Gedankengang.

Grundsatz 1 - Old School
Falls du verlässlich via System Rescue CD booten kannst und dir ein leicht blaues Menü angezeigt wird, dann bootet die CD via BIOS und es ist sehr wahrscheinlich, das du auch Funtoo Linux via BIOS booten kannst. Also gehe old-school und nutze diese Methode, es sei denn du hast Gründe via UEFI zu booten. Zum Beispiel eine Systemfestplatte >2.2TB In diesem Fall beachte Grundsatz 2, wenn dein System UEFI unterstützt.
Grundsatz 2 - New School
Falls du verlässlich via System Rescue CD booten kannst und dir ein schwarz und weißes Menü, --Glückwunsch, dein System ist konfiguriert UEFI zu unterstützen. Das bedeutet das du bereit bist Funtoo Linux einzurichten um via UEFI zu booten. Dein System könnte immer noch das Booten übers BIOS unterstützen, aber versuch es einfach mal mit UEFI als erstes. Du kannst in deiner BIOS Konfiguration herum stochern und damit spielen.
Was ist der große Unterschied zwischen Old School und New School?
Hier ist der Deal. Falls du mit old-school MBR Partitionen gehst, deine /boot Partition wird ein ext2 Dateisystem haben, und du wirst fdisknutzen um MBR Partitionen zu erstellen. Fallse du mit new-school GPT Partitionen und booten via UEFI gehst, wird deine /boot Partition ein vfat Dateisystem haben, da UEFI dies lesen kann,außerdem wirst du gdisk nutzen um GPT Partitionen zu erstellen. Und du wirst GRUB ein wenig anders installieren. Das ist alles was es zu wissen gibt, für den Fall das du neugierig warst.
Also Note
To install Funtoo Linux to boot via the New School UEFI method, you must boot System Rescue CD using UEFI -- and see an initial black and white screen. Otherwise, UEFI will not be active and you will not be able to set it up!
Note

Einige motherboards unterstützen UEFI nicht richtig. Informiere dich. Zum Beispiel, das Award BIOS in meinem Gigabyte GA-990FXA-UD7 rev 1.1 hat eine Option das Booten via UEFI für CD/DVD zu aktivieren. Das ist aber nicht ausreichend um UEFI für Festplatten zu nutzen und Funtoo Linux zu installieren. UEFI muss für entfernbare Datenträger und fixierte Datenträger unterstützt werden. (Damit du deine neue Funtoo Installation booten kannst) Tatsächlich hagen die neueren revisionen des boards(rev 3.0) volle UEFI unterstützung. Das ist der wichtigste Punkt des dritten Grundsatzes -- kenne die Hardware.

Old-School (BIOS/MBR) Method

Note

Use this method if you are booting using your BIOS, and if your System Rescue CD initial boot menu was light blue. If you're going to use the new-school method, click here to jump down to UEFI/GPT.

Preparation

First, it's a good idea to make sure that you've found the correct hard disk to partition. Try this command and verify that /dev/sda is the disk that you want to partition:

# fdisk -l /dev/sda

Disk /dev/sda: 640.1 GB, 640135028736 bytes, 1250263728 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt


#         Start          End    Size  Type            Name
 1         2048   1250263694  596.2G  Linux filesyste Linux filesystem

Now, it's recommended that you erase any existing MBR or GPT partition tables on the disk, which could confuse the system's BIOS at boot time. We do this using sgdisk:

Warning

This will make any existing partitions inaccessible! You are strongly cautioned and advised to backup any critical data before proceeding.

# sgdisk --zap-all /dev/sda

Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.

This output is also nothing to worry about, as the command still succeded:

***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format
in memory. 
***************************************************************
Partitioning

Now we will use fdisk to create the MBR partition table and partitions:

# fdisk /dev/sda

Within fdisk, follow these steps:

Empty the partition table:

Command (m for help): o ↵

Create Partition 1 (boot):

Command (m for help): n ↵
Partition type (default p): 
Partition number (1-4, default 1): 
First sector: 
Last sector: +128M ↵

Create Partition 2 (swap):

Command (m for help): n ↵
Partition type (default p): 
Partition number (2-4, default 2): 
First sector: 
Last sector: +2G ↵
Command (m for help): t ↵ 
Partition number (1,2, default 2): 
Hex code (type L to list all codes): 82 ↵

Create the root partition:

Command (m for help): n ↵
Partition type (default p): 
Partition number (3,4, default 3): 
First sector: 
Last sector: 

Verify the partition table:

Command (m for help): p

Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x82abc9a6

Device    Boot     Start       End    Blocks  Id System
/dev/sda1           2048    264191    131072  83 Linux
/dev/sda2         264192   4458495   2097152  82 Linux swap / Solaris
/dev/sda3        4458496 625142447 310341976  83 Linux

Write the parition table to disk:

Command (m for help): w

Your new MBR partition table will now be written to your system disk.

Note

You're done with partitioning! Now, jump over to Creating filesystems.

New-School (UEFI/GPT) Method

Note

Use this method if you are booting using UEFI, and if your System Rescue CD initial boot menu was black and white. If it was light blue, this method will not work.

The gdisk commands to create a GPT partition table are as follows. Adapt sizes as necessary, although these defaults will work for most users. Start gdisk:

# gdisk /dev/sda

Within gdisk, follow these steps:

Create a new empty partition table (This will erase all data on the disk when saved):

Command: o ↵
This option deletes all partitions and creates a new protective MBR.
Proceed? (Y/N): y ↵

Create Partition 1 (boot):

Command: n ↵
Partition Number: 1 ↵
First sector: 
Last sector: +500M ↵
Hex Code: 

Create Partition 2 (swap):

Command: n ↵
Partition Number: 2 ↵
First sector: 
Last sector: +4G ↵
Hex Code: 8200 ↵

Create Partition 3 (root):

Command: n ↵
Partition Number: 3 ↵
First sector: 
Last sector:  (for rest of disk)
Hex Code: 

Along the way, you can type "p" and hit Enter to view your current partition table. If you make a mistake, you can type "d" to delete an existing partition that you created. When you are satisfied with your partition setup, type "w" to write your configuration to disk:

Write Partition Table To Disk:

Command: w ↵
Do you want to proceed? (Y/N): Y ↵

The partition table will now be written to disk and gdisk will close.

Now, your GPT/GUID partitions have been created, and will show up as the following block devices under Linux:

  • /dev/sda1, which will be used to hold the /boot filesystem,
  • /dev/sda2, which will be used for swap space, and
  • /dev/sda3, which will hold your root filesystem.

Creating filesystems

Note

This section covers both BIOS and UEFI installs. Don't skip it!

Before your newly-created partitions can be used, the block devices need to be initialized with filesystem metadata. This process is known as creating a filesystem on the block devices. After filesystems are created on the block devices, they can be mounted and used to store files.

Let's keep this simple. Are you using old-school MBR partitions? If so, let's create an ext2 filesystem on /dev/sda1:

# mkfs.ext2 /dev/sda1

If you're using new-school GPT partitions for UEFI, you'll want to create a vfat filesystem on /dev/sda1, because this is what UEFI is able to read:

# mkfs.vfat -F 32 /dev/sda1

Now, let's create a swap partition. This partition will be used as disk-based virtual memory for your Funtoo Linux system.

You will not create a filesystem on your swap partition, since it is not used to store files. But it is necessary to initialize it using the mkswap command. Then we'll run the swapon command to make your newly-initialized swap space immediately active within the live CD environment, in case it is needed during the rest of the install process:

# mkswap /dev/sda2
# swapon /dev/sda2

Now, we need to create a root filesystem. This is where Funtoo Linux will live. We generally recommend ext4 or XFS root filesystems. If you're not sure, choose ext4. Here's how to create a root ext4 filesystem:

# mkfs.ext4 /dev/sda3

...and here's how to create an XFS root filesystem, if you choose to use XFS:

# mkfs.xfs /dev/sda3

Your filesystems (and swap) have all now been initialized, so that that can be mounted (attached to your existing directory heirarchy) and used to store files. We are ready to begin installing Funtoo Linux on these brand-new filesystems.

Warning

When deploying an OpenVZ host, please use ext4 exclusively. The Parallels development team tests extensively with ext4, and modern versions of openvz-rhel6-stable are not compatible with XFS, and you may experience kernel bugs.

Mounting filesystems

Mount the newly-created filesystems as follows, creating /mnt/funtoo as the installation mount point:

# mkdir /mnt/funtoo
# mount /dev/sda3 /mnt/funtoo
# mkdir /mnt/funtoo/boot
# mount /dev/sda1 /mnt/funtoo/boot

Optionally, if you have a separate filesystem for /home or anything else:

# mkdir /mnt/funtoo/home
# mount /dev/sda4 /mnt/funtoo/home

If you have /tmp or /var/tmp on a separate filesystem, be sure to change the permissions of the mount point to be globally-writeable after mounting, as follows:

# chmod 1777 /mnt/funtoo/tmp