Linux

Antlinux Linux kernel journal, 25Dec2007

Filed under: LACK, Linux

So I'm building a new round of Linux kernels, using kernel source version 2.6.23.12, for all of the machines that I run. First up is an AMD64 kernel, which barfs while compiling 'vdso', whatever that is. The fix that I found on the net for that was to edit $KERNEL_SRC/arch/x86_64/vdso/vdso.lds.S and make the following change:

Adding new users/groups to run Apache (and other programs) as

Filed under: Apache HTTP Server, Debian, Linux, Shell Scripting

Here's an example of how to add a new user on Debian. You can use 65533 as the user ID for httpd, and 65532 as the user ID for Apache Tomcat.

Preparing for Installation

Filed under: Encryption, Linux, Perl, Project Naranja, Shell Scripting

The Sourceforge site has all of the files described below available for downloading, as well as PDF copies of this documentation for offline usage. The following files are available on the Sourceforge site:

  • A Project Naranja kernel and initramfs image (vmlinuz-*, initramfs-*.gz); this can be used to boot and install a system onto a new machine, as well as to boot an installed system for normal use or repair
  • Debian packages for the Linux kernel (linux-image-*.deb), as well as the packages for the loop-aes encryption software (loop-aes-*.deb, loop-aes-ciphers-*.deb). You would install the kernel and loop-aes packages onto a system that has just been built using these instructions (specifically, a system that has just been built with debootstrap) so that when you reboot, other modules not provided inside of the initramfs image are available for loading by the kernel

Booting After Installation

Filed under: Encryption, Linux, Perl, Project Naranja, Shell Scripting

After the base system has been installed, you boot the system using the supplied kernel and initramfs image. Once the Linux kernel boots and the init script in the initramfs image runs, the script will start a web server on a pre-determined port in order to serve HTTP requests. The web server has been wrapped with the stunnel SSL tunnelling program for lots of crunchy SSL goodness in order to protect your disk keys.

Disk Key Naming Conventions
The disk key should be named disk_key.gpg, and the GPG keys should be named <KEYIDXXX>.[pub|sec], where KEYIDXXX is the 8 character 'key fingerprint' of the GPG key, and .[pub|sec] is the filename extension for the public and secret keyring respectively. For now, the keys also need to be copied as secring.gpg and pubring.gpg for the private and public keyring respectively. This will change in the future to allow prompting for random keys. The scripts in the initramfs image follow these conventions when they go looking for GPG or disk keys.

Upgrading Debian from 'sarge' to 'etch'

Filed under: Encryption, Linux, Perl, Project Naranja, Shell Scripting

As of April 2007, the current version of the debootstrap package does not support etch, the current stable release of Debian. This means that if you want the latest and greatest when building a system via debootstrap, you have to do a dist-upgrade yourself. Below is the step-by-step process...
  1. Use dpkg --audit to verify that you do not have packages that are only halfway installed
  2. Make a backup of your /etc/apt/sources.list, then change the file so that all references to sarge now say etch

Creating SSL Certificates

Filed under: Encryption, Linux, Perl, Project Naranja, Shell Scripting

There's a Perl script inside of OpenSSL called 'CA.pl' that will do the work of creating server/client/certificate authority 'certificate requests' for you. Here's how you use it...

Generate a simple self-signed SSL certificate

openssl req -new -x509 -nodes -out server.crt -keyout server.key

Become your own SSL Certificate Authority

Need to sign SSL certificates, but don't want to pay? Become your own Certificate Authority (CA). The good news is that it's free; the bad news is that you'll have to install your CA certificate onto client browsers in order to get them to stop bitching about not trusting the CA.

Project Naranja - Extra Documentation

Filed under: Encryption, Linux, Perl, Project Naranja, Shell Scripting

Here be documentation from external projects, yar!

All content is © Copyright 2013 by Brian Manning, unless otherwise noted. See Site Credits/Categories pages for website and image credits.