commit 0b32e4925bcf5fc6fbfe00a4e9b75b8dba8df639
parent 5d806077fcc2555f886ddbb709893f14e11088a1
Author: Dash Eclipse <dash@ezup.dev>
Date: Tue, 14 Jul 2020 18:15:49 +0000
Rewrite blog post "FAT32 Partitionless Void Linux Live USB"
Diffstat:
18 files changed, 483 insertions(+), 644 deletions(-)
diff --git a/.web/blog/create-and-use-openpgp-keys.html b/.web/blog/create-and-use-openpgp-keys.html
@@ -0,0 +1,167 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<!-- 2020-07-14 -->
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Create and Use OpenPGP Keys</title>
+<meta name="generator" content="Org mode">
+<meta name="author" content="Dash Eclipse">
+<meta name="description" content="How do I generate OpenPGP keys and use it"
+>
+<meta name="keywords" content="openpgp, pgp, gnupg, gpg, subkey">
+<link rel='icon' type='image/x-icon' href='/favicon.svg'/>
+<meta name='viewport' content='width=device-width, initial-scale=1'>
+<link rel='stylesheet' href='/styles/topnav.css' type='text/css'/>
+<link rel='stylesheet' href='/styles/site.css' type='text/css'/>
+<link rel='stylesheet' href='/styles/syntax-coloring.css' type='text/css'/>
+<link rel='alternate' type='application/rss+xml' title='RSS' href='/blog/rss.xml'>
+</head>
+<body>
+<header id="top" class="status">
+<div>
+<ul class='topnav'>
+<li class='home'><a href='/#dash'>ezup.dev</a></li>
+<li><a class='active' href='./'>Blog</a></li>
+<li><a href='/#pgp'>PGP</a></li>
+<li><a href='/git/' target='_blank'><u>Git</u></a></li>
+<li class='right'><a href='/#about'>About</a></li>
+</ul>
+</div>
+</header>
+<main id="content">
+<header>
+<h1 class="title">Create and Use OpenPGP Keys</h1>
+<p class="subtitle">Published on 2020-06-30 by Dash Eclipse</p>
+</header><p>
+In this article I'm gonna explain how do I generate and use OpenPGP keys.
+</p>
+
+<section id="outline-container-org8d23eb7" class="outline-2">
+<h2 id="org8d23eb7"><span class="section-number-2">1</span> Install GnuPG</h2>
+<div class="outline-text-2" id="text-1">
+<p>
+On macOS you can use brew to install GnuPG <code>brew install gnupg</code>, you will also need <code>pinentry-mac</code> package if you are going to use it with GUI programs such like Thunderbird with Eng
+</p>
+</div>
+</section>
+
+<section id="outline-container-org703990c" class="outline-2">
+<h2 id="org703990c"><span class="section-number-2">2</span> OpenPGP key generation</h2>
+<div class="outline-text-2" id="text-2">
+<p>
+Beside <code>gpg --full-generate-key</code>, you can also create a key with gpg in batch mode<sup><a id="fnr.1" class="footref" href="#fn.1">1</a></sup>.
+</p>
+<div class="org-src-container">
+<pre class="src src-sh">cat >first-last.txt <<EOF
+<span class="org-sh-heredoc">%echo Generating a basic OpenPGP key</span>
+<span class="org-sh-heredoc">Key-Type: RSA</span>
+<span class="org-sh-heredoc">Key-Length: 4096</span>
+<span class="org-sh-heredoc">Key-Usage: cert</span>
+<span class="org-sh-heredoc">#Subkey-Type: RSA</span>
+<span class="org-sh-heredoc">#Subkey-Length: 4096</span>
+<span class="org-sh-heredoc">Name-Real: First Last</span>
+<span class="org-sh-heredoc">#Name-Comment:</span>
+<span class="org-sh-heredoc">Name-Email: user@domain.tld</span>
+<span class="org-sh-heredoc">Expire-Date: 30y</span>
+<span class="org-sh-heredoc">Passphrase: password</span>
+<span class="org-sh-heredoc">%commit</span>
+<span class="org-sh-heredoc">%echo done</span>
+<span class="org-sh-heredoc">EOF</span>
+</pre>
+</div>
+<p>
+Create a key in an ephemeral home directory
+</p>
+<div class="org-src-container">
+<pre class="src src-sh">mkdir -m700 .gnupg
+<span class="org-comment-delimiter">## </span><span class="org-comment">Set the environment variable</span>
+<span class="org-comment-delimiter">## </span><span class="org-comment">or pass --homedir .gnupg as an argument</span>
+<span class="org-builtin">export</span> <span class="org-variable-name">GNUPGHOME</span>=<span class="org-string">".gnupg"</span>
+gpg --batch --generate-key first-last.txt
+</pre>
+</div>
+</div>
+</section>
+
+<section id="outline-container-orgd990d5d" class="outline-2">
+<h2 id="orgd990d5d"><span class="section-number-2">3</span> Use subkeys</h2>
+<div class="outline-text-2" id="text-3">
+<p>
+I use encryption and signing subkeys instead of just use one key for everything, because it's safer when you keep your master key elsewhere and use different keys for different purposes. Debian also recommend to use subkeys.<sup><a id="fnr.2" class="footref" href="#fn.2">2</a></sup>
+</p>
+<div class="org-src-container">
+<pre class="src src-sh"><span class="org-comment-delimiter">## </span><span class="org-comment">adduid, (trust, 5,) save</span>
+gpg --edit-key user@domain.tld
+<span class="org-comment-delimiter">## </span><span class="org-comment">Get keygrip</span>
+gpg --with-keygrip --list-key <key-id>
+<span class="org-comment-delimiter">## </span><span class="org-comment">Export and Import the key to the GPG homedir</span>
+<span class="org-comment-delimiter">## </span><span class="org-comment">where you are gonna use the key,</span>
+<span class="org-comment-delimiter">## </span><span class="org-comment">remove the master key from there</span>
+<span class="org-comment-delimiter">## </span><span class="org-comment">and change the password</span>
+rm .gnupg/private-keys-v1.d/<keygrip>.key
+gpg --edit-key <key-id> passwd
+</pre>
+</div>
+</div>
+<div id="outline-container-org3c26f58" class="outline-3">
+<h3 id="org3c26f58"><span class="section-number-3">3.1</span> Thunderbird and Enigmail</h3>
+<div class="outline-text-3" id="text-3-1">
+<p>
+I use Thunderbird with Enigmail to send and receive PGP encrypted emails, you can follow <a href="https://ssd.eff.org/en/module/how-use-pgp-mac-os-x">the guide by EFF SSD</a> to set it up. Note you need to install <code>pinentry-mac</code> the package to use GPG with such GUI programs.
+</p>
+<div class="org-src-container">
+<pre class="src src-sh">brew install pinentry-mac
+<span class="org-builtin">echo</span> <span class="org-string">'pinentry-program /usr/local/bin/pinentry-mac'</span> > ~/.gnupg/gpg-agent.conf
+</pre>
+</div>
+</div>
+</div>
+<div id="outline-container-org1c0c8cb" class="outline-3">
+<h3 id="org1c0c8cb"><span class="section-number-3">3.2</span> Git</h3>
+<div class="outline-text-3" id="text-3-2">
+<div class="org-src-container">
+<pre class="src src-sh">git config --global gpg.program $(<span class="org-builtin">which</span> gpg)
+git config --global user.name <span class="org-string">'First Last'</span>
+git config --global user.email <span class="org-string">'user@domain.tld'</span>
+git config --global user.signingkey <signing_subkey_id>
+git config --global commit.gpgsign true
+</pre>
+</div>
+<p>
+In case you don't want to sign commits for specific repo, just run <code>git config commit.gpgsign false</code> in the repo directory.
+</p>
+</div>
+</div>
+<div id="outline-container-org6ca4026" class="outline-3">
+<h3 id="org6ca4026"><span class="section-number-3">3.3</span> pass (the standard unix password manager)</h3>
+<div class="outline-text-3" id="text-3-3">
+<p>
+I use <a href="https://www.passwordstore.org/">pass</a> to manage my passwords, with a different key. pass store passwords in a git repo, you can also store the <code>$GNUPGHOME</code> in a git repo or just in the same repo.
+I have some config like this in my zsh config <code>~/.zshrc.local</code>
+</p>
+<div class="org-src-container">
+<pre class="src src-sh"><span class="org-variable-name">PASSWORD_STORE_DIR</span>=<span class="org-string">"$HOME/passwordstore"</span>
+<span class="org-builtin">alias</span> <span class="org-variable-name">pass</span>=<span class="org-string">"GNUPGHOME=\"$HOME/passwordstore/.gnupg\" PASSWORD_STORE_DIR=\"$HOME/passwordstore\" pass"</span>
+</pre>
+</div>
+</div>
+</div>
+</section>
+<div id="footnotes">
+<h2 class="footnotes">Footnotes: </h2>
+<div id="text-footnotes">
+
+<div class="footdef"><sup><a id="fn.1" class="footnum" href="#fnr.1">1</a></sup> <div class="footpara"><p class="footpara">
+<a href="https://www.gnupg.org/documentation//manuals/gnupg/Unattended-GPG-key-generation.html">4.5.4 Unattended key generation | The GNU Privacy Guard Manual</a>
+</p></div></div>
+
+<div class="footdef"><sup><a id="fn.2" class="footnum" href="#fnr.2">2</a></sup> <div class="footpara"><p class="footpara">
+<a href="https://wiki.debian.org/Subkeys">Subkeys | Debian Wiki</a>
+</p></div></div>
+
+
+</div>
+</div></main>
+</body>
+</html>
diff --git a/.web/blog/fat32-partitionless-voidlinux-liveusb.html b/.web/blog/fat32-partitionless-voidlinux-liveusb.html
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en">
<head>
-<!-- 2020-07-13 -->
+<!-- 2020-07-14 -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>FAT32 Partitionless Void Linux Live USB</title>
@@ -32,36 +32,34 @@
<main id="content">
<header>
<h1 class="title">FAT32 Partitionless Void Linux Live USB</h1>
-<p class="subtitle">Published on 2020-07-10 by Dash Eclipse.</p>
+<p class="subtitle">Published on 2020-07-14 by Dash Eclipse</p>
</header><nav id="table-of-contents">
<h2>Table of Contents</h2>
<div id="text-table-of-contents">
<ul>
-<li><a href="#org583e609">1. What is this about and why do I create Live USB this way</a>
+<li><a href="#orga3e0658">1. What is this about and why do I create Live USB this way</a>
<ul>
-<li><a href="#org89e0f8c">1.1. Advantages</a></li>
-<li><a href="#org7bc8fc8">1.2. How does this works and works for both UEFI and Legacy BIOS?</a></li>
+<li><a href="#org39d5497">1.1. Advantages</a></li>
+<li><a href="#orgd5d4403">1.2. How does it work?</a></li>
</ul>
</li>
-<li><a href="#org820b64e">2. Layout and Bootloader configuration files</a></li>
-<li><a href="#org21ef77a">3. Create FAT32 Partitionless Void Linux Live USB</a>
+<li><a href="#org72c32c9">2. FAT32 filesystem creation and file directory structure</a></li>
+<li><a href="#orgbd47abe">3. UEFI</a></li>
+<li><a href="#orgecbc6cb">4. Legacy BIOS</a>
<ul>
-<li><a href="#orgd05d3a2">3.1. Download void-live ISO and bootloaders</a></li>
-<li><a href="#org29f9b38">3.2. Create the FAT32 filesystem and label it</a></li>
-<li><a href="#orgfe63804">3.3. Grab files from void-live ISO</a></li>
-<li><a href="#org895b983">3.4. rEFInd for UEFI</a></li>
-<li><a href="#orge0f7187">3.5. syslinux for Legacy BIOS</a></li>
+<li><a href="#orgcf2ba9a">4.1. Minimal config</a></li>
+<li><a href="#org68c5cce">4.2. Graphical boot menu</a></li>
</ul>
</li>
</ul>
</div>
</nav>
-<section id="outline-container-org583e609" class="outline-2">
-<h2 id="org583e609"><span class="section-number-2">1</span> What is this about and why do I create Live USB this way</h2>
+<section id="outline-container-orga3e0658" class="outline-2">
+<h2 id="orga3e0658"><span class="section-number-2">1</span> What is this about and why do I create Live USB this way</h2>
<div class="outline-text-2" id="text-1">
<p>
-I use void-live as my Live USB because it supports booting into RAM, so I can eject USB stick after boot into LiveOS. And Void Linux provides a set of scripts<sup><a id="fnr.1" class="footref" href="#fn.1">1</a></sup> to generate the iso, it's pretty easy to customize it and it just works.
+I use void-live as my Live USB because it supports booting into RAM, so I can eject USB stick after boot into LiveOS. And it's esay to use void-mklive to generate customized iso, it's simple and just works.
</p>
<p>
@@ -69,26 +67,26 @@ But I don't want to use <code>dd</code> to write iso to my USB stick each time I
</p>
<p>
-The solution is pretty simple, just create one FAT32 filesystem on the USB stick, install bootloaders and copy LiveOS to it, and then configure the bootloader to boot the LiveOS.
+The solution is pretty simple, just create one FAT32 filesystem on the USB stick without any partition table, install bootloaders and copy LiveOS to it, and then configure the bootloader to boot the LiveOS.
</p>
</div>
-<div id="outline-container-org89e0f8c" class="outline-3">
-<h3 id="org89e0f8c"><span class="section-number-3">1.1</span> Advantages</h3>
+<div id="outline-container-org39d5497" class="outline-3">
+<h3 id="org39d5497"><span class="section-number-3">1.1</span> Advantages</h3>
<div class="outline-text-3" id="text-1-1">
<ul class="org-ul">
<li>Works for both UEFI and Legacy BIOS</li>
<li>Maximally use the storage, everything in one filesystem</li>
<li>Could still use the USB stick for storing files as noraml</li>
<li>Easy to delete the LiveOS from the USB stick, just remove these files</li>
-<li>Simple and just works, no dirty hacks, no need for loading iso files</li>
-<li>No need to install boot code</li>
+<li>Simple and just works, no dirty hacks, no need to load iso files</li>
+<li>No need to install boot code<sup><a id="fnr.1" class="footref" href="#fn.1">1</a></sup></li>
</ul>
</div>
</div>
-<div id="outline-container-org7bc8fc8" class="outline-3">
-<h3 id="org7bc8fc8"><span class="section-number-3">1.2</span> How does this works and works for both UEFI and Legacy BIOS?</h3>
+<div id="outline-container-orgd5d4403" class="outline-3">
+<h3 id="orgd5d4403"><span class="section-number-3">1.2</span> How does it work?</h3>
<div class="outline-text-3" id="text-1-2">
<p>
It's pretty simple, just install the bootloader, configure it to load <code>vmlinuz</code> the linux kernel and <code>initrd</code> the initramfs and it will load <code>LiveOS/squashfs.img</code> from the FAT32 filesystem which labeled as <code>VOID_LIVE</code>.
@@ -99,130 +97,110 @@ Just install bootloaders for UEFI and Legacy BIOS, I choose rEFInd for UEFI and
</p>
<p>
-For UEFI, a FAT32 filesystem is necessary for loading a boot manager or bootloader, the FAT32 filesystem does not necessarily to be inside a GPT or MBR partition table, it could on the whole device without any partition table (a.k.a. partitionless).
+For UEFI, a FAT32 filesystem is necessary for loading a boot manager or bootloader, the FAT32 filesystem does not necessarily need to be inside a GPT or MBR partition table, it could on the whole device without any partition table (a.k.a. partitionless).
</p>
<p>
-For Legacy BIOS, when you have a partition table on the hard drive, you need to install the boot code to the device to be able to boot from it, and the partition which contains the bootloader should be marked as <b>active</b>. But you don't need to install boot code for a partitionless setup<sup><a id="fnr.2" class="footref" href="#fn.2">2</a></sup>, it just boots from the filesystem.
+For Legacy BIOS, when you have a partition table on the hard drive, you need to install the boot code to the device to be able to boot from it, and the partition which contains the bootloader should be marked as <b>active</b>. But you don't need to install boot code for a partitionless setup<sup><a id="fnr.1.100" class="footref" href="#fn.1">1</a></sup>, it just boots from the filesystem.
</p>
</div>
</div>
</section>
-<section id="outline-container-org820b64e" class="outline-2">
-<h2 id="org820b64e"><span class="section-number-2">2</span> Layout and Bootloader configuration files</h2>
+<section id="outline-container-org72c32c9" class="outline-2">
+<h2 id="org72c32c9"><span class="section-number-2">2</span> FAT32 filesystem creation and file directory structure</h2>
<div class="outline-text-2" id="text-2">
<p>
-Layout
+Assume the USB stick where we are going to create Live USB on is <code>/dev/sdc</code> and the FAT32 volume name is <code>VOID_LIVE</code>, you can create it with this command. Note the volume name can be other value but must be identical as boot options specified in bootloader configuration files.
+</p>
+<div class="org-src-container">
+<pre class="src src-sh">sudo mkfs.vfat -I -F32 -n VOID_LIVE /dev/sdc
+</pre>
+</div>
+
+<ul class="org-ul">
+<li><code>LiveOS/</code> linux kernel, initramfs and LiveOS from void-live <sup><a id="fnr.2" class="footref" href="#fn.2">2</a></sup></li>
+<li><code>EFI/</code> rEFInd stuff for UEFI boot</li>
+<li><code>syslinux/</code> syslinux stuff for legacy BIOS boot</li>
+</ul>
+<p>
+Boot options can be found in <code>boot/isolinux/isolinux.cfg</code> or <code>boot/grub/grub_void.cfg</code> from void-live iso.
</p>
<pre style="line-height:1;">
-VOID_LIVE -> # mkfs.vfat, fatlabel
+VOID_LIVE
├── EFI
-│ ├── BOOT
-│ │ ├── BOOTX64.EFI -> ../refind/refind_x64.efi
-│ │ └── refind.conf -> ../refind/refind.conf
-│ └── refind
-│ ├── icons -> [refind]
-│ │ └── ...
-│ ├── refind_x64.efi -> [refind]
-│ ├── refind.conf
-│ └── themes
-│ └── refind-theme-regular -> [github] munlik/refind-theme-regular
-│ └── ...
+│ ├── BOOT
+│ │ ├── BOOTX64.EFI
+│ │ └── refind.conf
+│ └── refind
+│ ├── refind.conf
+│ └── refind_x64.efi
├── LiveOS
-│ ├── initrd -> [iso] boot/initrd
-│ ├── squashfs.img -> [iso]
-│ └── vmlinuz -> [iso] boot/vmlinuz
+│ ├── initrd
+│ ├── squashfs.img
+│ └── vmlinuz
└── syslinux
- ├── chain.c32 -> [syslinux]
- ├── ldlinux.c32 -> # syslinux
- ├── ldlinux.sys -> # syslinux
- ├── libcom32.c32 -> [syslinux]
- ├── libutil.c32 -> [syslinux]
- ├── splash.png -> [iso] boot/isolinux/splash.png
- ├── syslinux.cfg -> [iso] boot/isolinux/isolinux.cfg*
- └── vesamenu.c32 -> [syslinux]
+ ├── ldlinux.c32
+ ├── ldlinux.sys
+ └── syslinux.cfg
-[iso] -> void-live-x86_64{,-musl}-*.iso
-[refind] -> /usr/share/refind
-[syslinux] -> /usr/lib/syslinux
+5 directories, 10 files
</pre>
+</div>
+</section>
+
+<section id="outline-container-orgbd47abe" class="outline-2">
+<h2 id="orgbd47abe"><span class="section-number-2">3</span> UEFI</h2>
+<div class="outline-text-2" id="text-3">
+<p>
+I use rEFInd Boot Manager for UEFI boot, you can just download it from <a href="https://www.rodsbooks.com/refind/getting.html">the official website</a> and copy it to the FAT32 filesystem, or install <code>refind</code> the voidlinux package and then copy it from <code>/usr/share/refind</code>. It looks better with themes such like <a href="https://github.com/munlik/refind-theme-regular">refind-theme-regular</a>. You are free to customize it.
+</p>
+
<p>
-My <code>VOID_LIVE/refind/refind.conf</code>
+<code>EFI/{BOOT,refind}/refind.conf</code>
</p>
<pre class="example">
timeout 20
-#hideui hints
-#dont_scan_volumes VOID_LIVE
-resolution 1920 1080
-
-## refind-theme-regular
-#include /EFI/refind/themes/refind-theme-regular/theme.conf
-icons_dir /EFI/refind/themes/refind-theme-regular/icons/128-48
-big_icon_size 128
-small_icon_size 48
-banner /EFI/refind/themes/refind-theme-regular/icons/128-48/bg.png
-selection_big /EFI/refind/themes/refind-theme-regular/icons/128-48/selection-big.png
-selection_small /EFI/refind/themes/refind-theme-regular/icons/128-48/selection-small.png
-font /EFI/refind/themes/refind-theme-regular/fonts/source-code-pro-extralight-14.png
menuentry "Void Linux (x86_64-musl)" {
- icon /EFI/refind/icons/os_void.png
loader LiveOS/vmlinuz
initrd /LiveOS/initrd
options "root=live:CDLABEL=VOID_LIVE ro init=/sbin/init rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 gpt add_efi_memmap vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1"
- #disabled
}
menuentry "Void Linux (x86_64-musl) (RAM)" {
- icon /EFI/refind/icons/os_void.png
loader LiveOS/vmlinuz
initrd /LiveOS/initrd
options "root=live:CDLABEL=VOID_LIVE ro init=/sbin/init rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 gpt add_efi_memmap vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram"
- #disabled
}
</pre>
+</div>
+</section>
+
+<section id="outline-container-orgecbc6cb" class="outline-2">
+<h2 id="orgecbc6cb"><span class="section-number-2">4</span> Legacy BIOS</h2>
+<div class="outline-text-2" id="text-4">
<p>
-My <code>VOID_LIVE/syslinux/syslinux.cfg</code>, Check <code>boot/isolinux/isolinux.cfg</code> from ISO
+I use syslinux because it's more lightweight than grub, <code>syslinux</code> the package is required to install syslinux to USB stick. You can use the minimal config or graphical boot menu config, I recommend to use the minimal one.
</p>
-<pre class="example">
-UI vesamenu.c32
-PROMPT 0
-TIMEOUT 100
-ONTIMEOUT linux
+</div>
-MENU TABMSG Press ENTER to boot or TAB to edit a menu entry
-MENU AUTOBOOT BIOS default device boot in # second{,s}...
-MENU BACKGROUND splash.png
-MENU WIDTH 78
-MENU MARGIN 1
-MENU ROWS 4
-MENU VSHIFT 2
-MENU TIMEOUTROW 8
-MENU TABMSGROW 2
-MENU CMDLINEROW 11
-MENU HELPMSGROW 16
-MENU HELPMSGENDROW 29
+<div id="outline-container-orgcf2ba9a" class="outline-3">
+<h3 id="orgcf2ba9a"><span class="section-number-3">4.1</span> Minimal config</h3>
+<div class="outline-text-3" id="text-4-1">
+<p>
+To avoid syslinux <code>Boot Error</code> I just use this minimal configuration without any non-core syslinux modules, and only run the extlinux/syslinux command once. I recommend you to create the Live USB in this order.
+</p>
-MENU COLOR title * #FF5255FF *
-MENU COLOR border * #00000000 #00000000 none
-MENU COLOR sel * #ffffffff #FF5255FF *
+<ol class="org-ol">
+<li>Create FAT32 filesystem</li>
+<li>mount it to VOID_LIVE, create VOID_LIVE/syslinux/ folder</li>
+<li>Install syslinux with <code>extlinux --install VOID_LIVE/syslinux</code></li>
+<li>Add syslinux/syslinux.cfg and LiveOS/{vmlinuz,initrd,squashfs.img}</li>
+</ol>
-LABEL linux
-MENU LABEL Void Linux 5.3.9_1 x86_64-musl
-KERNEL /LiveOS/vmlinuz
-APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1
-LABEL linuxram
-MENU LABEL Void Linux 5.3.9_1 x86_64-musl (RAM)
-KERNEL /LiveOS/vmlinuz
-APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram
-LABEL c
-MENU LABEL Boot first HD found by BIOS
-COM32 chain.c32
-APPEND hd0
-</pre>
<p>
-Minimal <code>VOID_LIVE/syslinux/syslinux.cfg</code>
+<code>syslinux/syslinux.cfg</code>
</p>
<pre class="example">
PROMPT 1
@@ -230,99 +208,35 @@ TIMEOUT 50
DEFAULT voidram
LABEL void
- LINUX ../LiveOS/vmlinuz
+ LINUX /LiveOS/vmlinuz
APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1
- INITRD ../LiveOS/initrd
LABEL voidram
- LINUX ../LiveOS/vmlinuz
+ LINUX /LiveOS/vmlinuz
APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram
- INITRD ../LiveOS/initrd
</pre>
</div>
-</section>
-
-<section id="outline-container-org21ef77a" class="outline-2">
-<h2 id="org21ef77a"><span class="section-number-2">3</span> Create FAT32 Partitionless Void Linux Live USB</h2>
-<div class="outline-text-2" id="text-3">
-</div>
-<div id="outline-container-orgd05d3a2" class="outline-3">
-<h3 id="orgd05d3a2"><span class="section-number-3">3.1</span> Download void-live ISO and bootloaders</h3>
-<div class="outline-text-3" id="text-3-1">
-<ul class="org-ul">
-<li><a href="https://voidlinux.org/download/">void-live</a>, I use <code>void-live-x86_64-musl-20191109.iso</code></li>
-<li><a href="https://www.rodsbooks.com/refind/getting.html">rEFInd</a>, I use <code>refind</code> the void package</li>
-<li><a href="https://wiki.syslinux.org/wiki/index.php?title=Download">syslinux</a>, I use <code>syslinux</code> the void package</li>
-</ul>
-</div>
</div>
-<div id="outline-container-org29f9b38" class="outline-3">
-<h3 id="org29f9b38"><span class="section-number-3">3.2</span> Create the FAT32 filesystem and label it</h3>
-<div class="outline-text-3" id="text-3-2">
+<div id="outline-container-org68c5cce" class="outline-3">
+<h3 id="org68c5cce"><span class="section-number-3">4.2</span> Graphical boot menu</h3>
+<div class="outline-text-3" id="text-4-2">
<p>
-Assume the USB stick where we are going to create LiveOS is <code>/dev/sdc</code> and the FAT32 volume name is <code>VOID_LIVE</code>, note the volume name should be identical as boot options specified in bootloader configuration files.
+You can check <code>boot/isolinux/{*.c32,isolinux.cfg}</code> from void-live iso for dependencies and config to use graphical boot menu, but from my experience you need to create the Live USB in this order to avoid syslinux <code>Boot Error</code> (not able to boot), especially when the squashfs.img is large.
</p>
-<div class="org-src-container">
-<pre class="src src-sh">sudo mkfs.vfat -I -F32 -n VOID_LIVE /dev/sdc
-mkdir VOID_LIVE
-sudo mount /dev/sdc VOID_LIVE
-</pre>
-</div>
-</div>
-</div>
-<div id="outline-container-orgfe63804" class="outline-3">
-<h3 id="orgfe63804"><span class="section-number-3">3.3</span> Grab files from void-live ISO</h3>
-<div class="outline-text-3" id="text-3-3">
+<ol class="org-ol">
+<li>Create FAT32 filesystem</li>
+<li>mount it to VOID_LIVE</li>
+<li>Add <code>syslinux/{chain,libcom32,libutil,vesamenu}.c32</code> (from <code>/usr/lib/syslinux</code>), <code>/syslinux.cfg</code> (optionally <code>splash.png</code>), and <code>LiveOS/{vmlinuz,initrd}</code></li>
+<li>Install syslinux with <code>extlinux --install VOID_LIVE/syslinux</code></li>
+<li>Add VOID_LIVE/LiveOS/squashfs.img</li>
+<li>umount VOID_LIVE</li>
+</ol>
+
<p>
-Assume we are using <code>void-live-x86_64-musl-20191109.iso</code>
+Note it may won't able to boot if you change any of files syslinux may load, including kernel and initramfs. Reinstall syslinux to the USB stick won't help and the only solution I know is recreate the FAT32 filesystem and start over again.
</p>
-<div class="org-src-container">
-<pre class="src src-sh">mkdir void-live-x86_64-musl-20191109
-sudo mount void-live-x86_64-musl-20191109.iso void-live-x86_64-musl-20191109
-sudo mkdir VOID_LIVE/LiveOS
-sudo cp void-live-x86_64-musl-20191109/boot/{initrd,vmlinuz} VOID_LIVE/LiveOS
-<span class="org-comment-delimiter">## </span><span class="org-comment">Optionally grab splash.png</span>
-sudo mkdir VOID_LIVE/syslinux
-sudo cp void-live-x86_64-musl-20191109/boot/isolinux/splash.png VOID_LIVE/syslinux
-</pre>
-</div>
-</div>
-</div>
-
-<div id="outline-container-org895b983" class="outline-3">
-<h3 id="org895b983"><span class="section-number-3">3.4</span> rEFInd for UEFI</h3>
-<div class="outline-text-3" id="text-3-4">
-<div class="org-src-container">
-<pre class="src src-sh">sudo xbps-install -S refind
-sudo mkdir VOID_LIVE/EFI/refind
-sudo cp -r /usr/share/refind/icons VOID_LIVE/EFI/refind/
-sudo cp /usr/share/refind/refind_x64.efi VOID_LIVE/EFI/refind/
-sudo cp VOID_LIVE/EFI/{refind/refind_x64.efi,BOOT/BOOTX64.efi}
-<span class="org-comment-delimiter">## </span><span class="org-comment">Optionall get https://github.com/munlik/refind-theme-regular</span>
-<span class="org-comment-delimiter">## </span><span class="org-comment">And put it under VOID_LIVE/EFI/refind/themes/</span>
-sudo vim VOID_LIVE/refind/refind.conf
-sudo cp VOID_LIVE/{refind,BOOT}/refind.conf
-</pre>
-</div>
-</div>
-</div>
-
-<div id="outline-container-orge0f7187" class="outline-3">
-<h3 id="orge0f7187"><span class="section-number-3">3.5</span> syslinux for Legacy BIOS</h3>
-<div class="outline-text-3" id="text-3-5">
-<div class="org-src-container">
-<pre class="src src-sh">sudo xbps-install -S syslinux
-sudo mkdir VOID_LIVE/syslinux
-sudo cp /usr/lib/syslinux/{chain,libcom32,libutil,vesamenu}.c32 VOID_LIVE/syslinux
-sudo extlinux --install VOID_LIVE/syslinux
-sudo vim VOID_LIVE/syslinux/syslinux.cfg
-sudo umount VOID_LIVE
-<span class="org-comment-delimiter">## </span><span class="org-comment">Or use syslinux command instead extlinux when the device is umounted</span>
-<span class="org-comment-delimiter">#</span><span class="org-comment">sudo syslinux --directory syslinux --install /dev/sdc</span>
-</pre>
-</div>
</div>
</div>
</section>
@@ -331,11 +245,11 @@ sudo umount VOID_LIVE
<div id="text-footnotes">
<div class="footdef"><sup><a id="fn.1" class="footnum" href="#fnr.1">1</a></sup> <div class="footpara"><p class="footpara">
-<a href="https://github.com/void-linux/void-mklive">void-mklive</a>
+<a href="https://unix.stackexchange.com/a/103568">For Legacy BIOS, Using a filesystem without a partition table thus not only saves space, but also a step in the boot process.</a>
</p></div></div>
<div class="footdef"><sup><a id="fn.2" class="footnum" href="#fnr.2">2</a></sup> <div class="footpara"><p class="footpara">
-<a href="https://unix.stackexchange.com/a/103568">For Legacy BIOS, Using a filesystem without a partition table thus not only saves space, but also a step in the boot process.</a>
+Use the official <a href="https://voidlinux.org/download/">void-live</a> or create your own iso by using <a href="https://github.com/void-linux/void-mklive">void-mklive</a>
</p></div></div>
diff --git a/.web/blog/index.html b/.web/blog/index.html
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en">
<head>
-<!-- 2020-07-13 -->
+<!-- 2020-07-14 -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Blog Index</title>
@@ -31,14 +31,14 @@
<main id="content">
<header>
<h1 class="title">Blog Index</h1>
-<p class="subtitle">Published on 2020-07-13 by Dash Eclipse.</p>
+<p class="subtitle">Published on 2020-07-14 by Dash Eclipse</p>
</header><ul class="org-ul">
<li><p>
<a href="fat32-partitionless-voidlinux-liveusb.html">FAT32 Partitionless Void Linux Live USB</a>
</p>
-<p class='pubdate'>by Dash Eclipse on Jul 10, 2020.</p></li>
+<p class='pubdate'>by Dash Eclipse on Jul 14, 2020.</p></li>
<li><p>
-<a href="pgp.html">OpenPGP Key Generation and Usage</a>
+<a href="create-and-use-openpgp-keys.html">Create and Use OpenPGP Keys</a>
</p>
<p class='pubdate'>by Dash Eclipse on Jun 30, 2020.</p></li>
</ul>
diff --git a/.web/blog/pgp.html b/.web/blog/pgp.html
@@ -1,167 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<!-- 2020-07-13 -->
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<title>OpenPGP Key Generation and Usage</title>
-<meta name="generator" content="Org mode">
-<meta name="author" content="Dash Eclipse">
-<meta name="description" content="How do I generate OpenPGP keys and use it"
->
-<meta name="keywords" content="openpgp, pgp, gnupg, gpg, subkey">
-<link rel='icon' type='image/x-icon' href='/favicon.svg'/>
-<meta name='viewport' content='width=device-width, initial-scale=1'>
-<link rel='stylesheet' href='/styles/topnav.css' type='text/css'/>
-<link rel='stylesheet' href='/styles/site.css' type='text/css'/>
-<link rel='stylesheet' href='/styles/syntax-coloring.css' type='text/css'/>
-<link rel='alternate' type='application/rss+xml' title='RSS' href='/blog/rss.xml'>
-</head>
-<body>
-<header id="top" class="status">
-<div>
-<ul class='topnav'>
-<li class='home'><a href='/#dash'>ezup.dev</a></li>
-<li><a class='active' href='./'>Blog</a></li>
-<li><a href='/#pgp'>PGP</a></li>
-<li><a href='/git/' target='_blank'><u>Git</u></a></li>
-<li class='right'><a href='/#about'>About</a></li>
-</ul>
-</div>
-</header>
-<main id="content">
-<header>
-<h1 class="title">OpenPGP Key Generation and Usage</h1>
-<p class="subtitle">Published on 2020-06-30 by Dash Eclipse.</p>
-</header><p>
-In this article I'm gonna explain how do I generate and use OpenPGP keys.
-</p>
-
-<section id="outline-container-org05d1dfb" class="outline-2">
-<h2 id="org05d1dfb"><span class="section-number-2">1</span> Install GnuPG</h2>
-<div class="outline-text-2" id="text-1">
-<p>
-On macOS you can use brew to install GnuPG <code>brew install gnupg</code>, you will also need <code>pinentry-mac</code> package if you are going to use it with GUI programs such like Thunderbird with Eng
-</p>
-</div>
-</section>
-
-<section id="outline-container-org00eba01" class="outline-2">
-<h2 id="org00eba01"><span class="section-number-2">2</span> OpenPGP key generation</h2>
-<div class="outline-text-2" id="text-2">
-<p>
-Beside <code>gpg --full-generate-key</code>, you can also create a key with gpg in batch mode<sup><a id="fnr.1" class="footref" href="#fn.1">1</a></sup>.
-</p>
-<div class="org-src-container">
-<pre class="src src-sh">cat >first-last.txt <<EOF
-<span class="org-sh-heredoc">%echo Generating a basic OpenPGP key</span>
-<span class="org-sh-heredoc">Key-Type: RSA</span>
-<span class="org-sh-heredoc">Key-Length: 4096</span>
-<span class="org-sh-heredoc">Key-Usage: cert</span>
-<span class="org-sh-heredoc">#Subkey-Type: RSA</span>
-<span class="org-sh-heredoc">#Subkey-Length: 4096</span>
-<span class="org-sh-heredoc">Name-Real: First Last</span>
-<span class="org-sh-heredoc">#Name-Comment:</span>
-<span class="org-sh-heredoc">Name-Email: user@domain.tld</span>
-<span class="org-sh-heredoc">Expire-Date: 30y</span>
-<span class="org-sh-heredoc">Passphrase: password</span>
-<span class="org-sh-heredoc">%commit</span>
-<span class="org-sh-heredoc">%echo done</span>
-<span class="org-sh-heredoc">EOF</span>
-</pre>
-</div>
-<p>
-Create a key in an ephemeral home directory
-</p>
-<div class="org-src-container">
-<pre class="src src-sh">mkdir -m700 .gnupg
-<span class="org-comment-delimiter">## </span><span class="org-comment">Set the environment variable</span>
-<span class="org-comment-delimiter">## </span><span class="org-comment">or pass --homedir .gnupg as an argument</span>
-<span class="org-builtin">export</span> <span class="org-variable-name">GNUPGHOME</span>=<span class="org-string">".gnupg"</span>
-gpg --batch --generate-key first-last.txt
-</pre>
-</div>
-</div>
-</section>
-
-<section id="outline-container-org28b1257" class="outline-2">
-<h2 id="org28b1257"><span class="section-number-2">3</span> Use subkeys</h2>
-<div class="outline-text-2" id="text-3">
-<p>
-I use encryption and signing subkeys instead of just use one key for everything, because it's safer when you keep your master key elsewhere and use different keys for different purposes. Debian also recommend to use subkeys.<sup><a id="fnr.2" class="footref" href="#fn.2">2</a></sup>
-</p>
-<div class="org-src-container">
-<pre class="src src-sh"><span class="org-comment-delimiter">## </span><span class="org-comment">adduid, (trust, 5,) save</span>
-gpg --edit-key user@domain.tld
-<span class="org-comment-delimiter">## </span><span class="org-comment">Get keygrip</span>
-gpg --with-keygrip --list-key <key-id>
-<span class="org-comment-delimiter">## </span><span class="org-comment">Export and Import the key to the GPG homedir</span>
-<span class="org-comment-delimiter">## </span><span class="org-comment">where you are gonna use the key,</span>
-<span class="org-comment-delimiter">## </span><span class="org-comment">remove the master key from there</span>
-<span class="org-comment-delimiter">## </span><span class="org-comment">and change the password</span>
-rm .gnupg/private-keys-v1.d/<keygrip>.key
-gpg --edit-key <key-id> passwd
-</pre>
-</div>
-</div>
-<div id="outline-container-orgb570cb2" class="outline-3">
-<h3 id="orgb570cb2"><span class="section-number-3">3.1</span> Thunderbird and Enigmail</h3>
-<div class="outline-text-3" id="text-3-1">
-<p>
-I use Thunderbird with Enigmail to send and receive PGP encrypted emails, you can follow <a href="https://ssd.eff.org/en/module/how-use-pgp-mac-os-x">the guide by EFF SSD</a> to set it up. Note you need to install <code>pinentry-mac</code> the package to use GPG with such GUI programs.
-</p>
-<div class="org-src-container">
-<pre class="src src-sh">brew install pinentry-mac
-<span class="org-builtin">echo</span> <span class="org-string">'pinentry-program /usr/local/bin/pinentry-mac'</span> > ~/.gnupg/gpg-agent.conf
-</pre>
-</div>
-</div>
-</div>
-<div id="outline-container-orgafdbd6c" class="outline-3">
-<h3 id="orgafdbd6c"><span class="section-number-3">3.2</span> Git</h3>
-<div class="outline-text-3" id="text-3-2">
-<div class="org-src-container">
-<pre class="src src-sh">git config --global gpg.program $(<span class="org-builtin">which</span> gpg)
-git config --global user.name <span class="org-string">'First Last'</span>
-git config --global user.email <span class="org-string">'user@domain.tld'</span>
-git config --global user.signingkey <signing_subkey_id>
-git config --global commit.gpgsign true
-</pre>
-</div>
-<p>
-In case you don't want to sign commits for specific repo, just run <code>git config commit.gpgsign false</code> in the repo directory.
-</p>
-</div>
-</div>
-<div id="outline-container-orgb021e05" class="outline-3">
-<h3 id="orgb021e05"><span class="section-number-3">3.3</span> pass (the standard unix password manager)</h3>
-<div class="outline-text-3" id="text-3-3">
-<p>
-I use <a href="https://www.passwordstore.org/">pass</a> to manage my passwords, with a different key. pass store passwords in a git repo, you can also store the <code>$GNUPGHOME</code> in a git repo or just in the same repo.
-I have some config like this in my zsh config <code>~/.zshrc.local</code>
-</p>
-<div class="org-src-container">
-<pre class="src src-sh"><span class="org-variable-name">PASSWORD_STORE_DIR</span>=<span class="org-string">"$HOME/passwordstore"</span>
-<span class="org-builtin">alias</span> <span class="org-variable-name">pass</span>=<span class="org-string">"GNUPGHOME=\"$HOME/passwordstore/.gnupg\" PASSWORD_STORE_DIR=\"$HOME/passwordstore\" pass"</span>
-</pre>
-</div>
-</div>
-</div>
-</section>
-<div id="footnotes">
-<h2 class="footnotes">Footnotes: </h2>
-<div id="text-footnotes">
-
-<div class="footdef"><sup><a id="fn.1" class="footnum" href="#fnr.1">1</a></sup> <div class="footpara"><p class="footpara">
-<a href="https://www.gnupg.org/documentation//manuals/gnupg/Unattended-GPG-key-generation.html">4.5.4 Unattended key generation | The GNU Privacy Guard Manual</a>
-</p></div></div>
-
-<div class="footdef"><sup><a id="fn.2" class="footnum" href="#fnr.2">2</a></sup> <div class="footpara"><p class="footpara">
-<a href="https://wiki.debian.org/Subkeys">Subkeys | Debian Wiki</a>
-</p></div></div>
-
-
-</div>
-</div></main>
-</body>
-</html>
diff --git a/.web/blog/rss.xml b/.web/blog/rss.xml
@@ -14,8 +14,8 @@
<link>https://ezup.dev/blog/</link>
<description><![CDATA[]]></description>
<language>en</language>
- <pubDate>Mon, 13 Jul 2020 10:11:56 +0000</pubDate>
- <lastBuildDate>Mon, 13 Jul 2020 10:11:56 +0000</lastBuildDate>
+ <pubDate>Tue, 14 Jul 2020 18:13:07 +0000</pubDate>
+ <lastBuildDate>Tue, 14 Jul 2020 18:13:07 +0000</lastBuildDate>
<generator>Emacs 26.3 Org-mode 9.3.7</generator>
<webMaster>dash@ezup.dev (Dash Eclipse)</webMaster>
<image>
@@ -30,15 +30,15 @@
<link>https://ezup.dev/blog/fat32-partitionless-voidlinux-liveusb.html</link>
<author>dash@ezup.dev (Dash Eclipse)</author>
<guid isPermaLink="false">https://ezup.dev/blog/fat32-partitionless-voidlinux-liveusb.html</guid>
- <pubDate>Fri, 10 Jul 2020 00:00:00 +0000</pubDate>
+ <pubDate>Tue, 14 Jul 2020 00:00:00 +0000</pubDate>
<description><![CDATA[]]></description>
</item>
<item>
- <title>OpenPGP Key Generation and Usage</title>
- <link>https://ezup.dev/blog/pgp.html</link>
+ <title>Create and Use OpenPGP Keys</title>
+ <link>https://ezup.dev/blog/create-and-use-openpgp-keys.html</link>
<author>dash@ezup.dev (Dash Eclipse)</author>
- <guid isPermaLink="false">https://ezup.dev/blog/pgp.html</guid>
+ <guid isPermaLink="false">https://ezup.dev/blog/create-and-use-openpgp-keys.html</guid>
<pubDate>Tue, 30 Jun 2020 00:00:00 +0000</pubDate>
<description><![CDATA[]]></description>
diff --git a/.web/fonts/ClearSans-Bold.woff2 b/.web/fonts/ClearSans-Bold.woff2
Binary files differ.
diff --git a/.web/fonts/ClearSans-Medium.woff2 b/.web/fonts/ClearSans-Medium.woff2
Binary files differ.
diff --git a/.web/styles/site.css b/.web/styles/site.css
@@ -34,7 +34,6 @@ body {
body h3 {
font-size: 5px;
margin-top: 21px;
- font-weight: bold;
}
body div.org-src-container pre {
font-size: 13px;
@@ -48,14 +47,17 @@ body {
div#text-table-of-contents ul li ul {
margin-top: 0.5em;
}
+#table-of-contents h2 {
+ font-size: 28px;
+ font-weight: normal;
+}
p.subtitle {
font-size: 17px;
margin-top: 1em;
margin-bottom: 1.4em;
}
h2.footnotes {
- font-weight: bold;
- font-size: 30px;
+ font-size: 28px;
margin-bottom: 5px;
}
p.footpara {
@@ -90,17 +92,15 @@ body h4 img {
body h1 {
font-size: 41px;
margin-top: 0.8em;
- font-weight: bold;
}
body h2 {
margin-top: 0.9em;
position: relative;
- font-size: 35px;
+ font-size: 30px;
}
body h3 {
- font-size: 23px;
+ font-size: 25px;
margin-top: 1em;
- font-weight: bold;
}
body p {
text-align: justify;
@@ -129,7 +129,7 @@ body code {
font-size: .9em;
}
body li {
- margin-bottom: 0.6em;
+ margin-bottom: 0.4em;
line-height: 1;
}
body img {
diff --git a/Makefile b/Makefile
@@ -7,6 +7,7 @@ publish: publish.el
sed -i 's/dash@ezup.dev/\d\a\s\h\@\e\z\u\p\.\d\e\v/g' .web/index.html
@sed -i 's/dashezup@disroot.org/\d\a\s\h\e\z\u\p\@\d\i\s\r\o\o\t\.\o\r\g/g' .web/index.html
@sed -i 's/dashezup@protonmail.com/\d\a\s\h\e\z\u\p\@\p\r\o\t\o\n\m\a\i\l\.\c\o\m/g' .web/index.html
+ @rm -f .web/blog/*~
clean:
@echo "Cleaning up..."
diff --git a/fonts/ClearSans-Bold.woff2 b/fonts/ClearSans-Bold.woff2
Binary files differ.
diff --git a/fonts/ClearSans-Medium.woff2 b/fonts/ClearSans-Medium.woff2
Binary files differ.
diff --git a/posts/create-and-use-openpgp-keys.org b/posts/create-and-use-openpgp-keys.org
@@ -0,0 +1,92 @@
+#+TITLE: Create and Use OpenPGP Keys
+#+AUTHOR: Dash Eclipse
+#+DATE: [2020-06-30 Tue]
+#+KEYWORDS: openpgp, pgp, gnupg, gpg, subkey
+#+DESCRIPTION: How do I generate OpenPGP keys and use it
+#+OPTIONS: toc:nil
+
+In this article I'm gonna explain how do I generate and use OpenPGP keys.
+
+* Install GnuPG
+ :PROPERTIES:
+ :ID: 22D75389-43AB-49A4-B998-B48AF2365397
+ :PUBDATE: <2020-07-02 Thu 21:30>
+ :END:
+ On macOS you can use brew to install GnuPG ~brew install gnupg~, you will also need ~pinentry-mac~ package if you are going to use it with GUI programs such like Thunderbird with Eng
+
+* OpenPGP key generation
+ :PROPERTIES:
+ :ID: 890C9B02-7790-4FAC-80B7-E36F5B3058D0
+ :PUBDATE: <2020-07-02 Thu 21:30>
+ :END:
+ Beside ~gpg --full-generate-key~, you can also create a key with gpg in batch mode[fn:1].
+ #+BEGIN_SRC sh
+ cat >first-last.txt <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: RSA
+ Key-Length: 4096
+ Key-Usage: cert
+ #Subkey-Type: RSA
+ #Subkey-Length: 4096
+ Name-Real: First Last
+ #Name-Comment:
+ Name-Email: user@domain.tld
+ Expire-Date: 30y
+ Passphrase: password
+ %commit
+ %echo done
+ EOF
+ #+END_SRC
+ Create a key in an ephemeral home directory
+ #+BEGIN_SRC sh
+ mkdir -m700 .gnupg
+ ## Set the environment variable
+ ## or pass --homedir .gnupg as an argument
+ export GNUPGHOME=".gnupg"
+ gpg --batch --generate-key first-last.txt
+ #+END_SRC
+
+* Use subkeys
+ :PROPERTIES:
+ :ID: E5DD933D-DF29-4D17-A703-4306E7F28349
+ :PUBDATE: <2020-07-02 Thu 21:30>
+ :END:
+ I use encryption and signing subkeys instead of just use one key for everything, because it's safer when you keep your master key elsewhere and use different keys for different purposes. Debian also recommend to use subkeys.[fn:2]
+ #+BEGIN_SRC sh
+ ## adduid, (trust, 5,) save
+ gpg --edit-key user@domain.tld
+ ## Get keygrip
+ gpg --with-keygrip --list-key <key-id>
+ ## Export and Import the key to the GPG homedir
+ ## where you are gonna use the key,
+ ## remove the master key from there
+ ## and change the password
+ rm .gnupg/private-keys-v1.d/<keygrip>.key
+ gpg --edit-key <key-id> passwd
+ #+END_SRC
+** Thunderbird and Enigmail
+ I use Thunderbird with Enigmail to send and receive PGP encrypted emails, you can follow [[https://ssd.eff.org/en/module/how-use-pgp-mac-os-x][the guide by EFF SSD]] to set it up. Note you need to install ~pinentry-mac~ the package to use GPG with such GUI programs.
+ #+BEGIN_SRC sh
+ brew install pinentry-mac
+ echo 'pinentry-program /usr/local/bin/pinentry-mac' > ~/.gnupg/gpg-agent.conf
+ #+END_SRC
+** Git
+ #+BEGIN_SRC sh
+ git config --global gpg.program $(which gpg)
+ git config --global user.name 'First Last'
+ git config --global user.email 'user@domain.tld'
+ git config --global user.signingkey <signing_subkey_id>
+ git config --global commit.gpgsign true
+ #+END_SRC
+ In case you don't want to sign commits for specific repo, just run ~git config commit.gpgsign false~ in the repo directory.
+** pass (the standard unix password manager)
+ I use [[https://www.passwordstore.org/][pass]] to manage my passwords, with a different key. pass store passwords in a git repo, you can also store the ~$GNUPGHOME~ in a git repo or just in the same repo.
+ I have some config like this in my zsh config ~~/.zshrc.local~
+ #+BEGIN_SRC sh
+ PASSWORD_STORE_DIR="$HOME/passwordstore"
+ alias pass="GNUPGHOME=\"$HOME/passwordstore/.gnupg\" PASSWORD_STORE_DIR=\"$HOME/passwordstore\" pass"
+ #+END_SRC
+* Footnotes
+
+[fn:1] [[https://www.gnupg.org/documentation//manuals/gnupg/Unattended-GPG-key-generation.html][4.5.4 Unattended key generation | The GNU Privacy Guard Manual]]
+[fn:2] [[https://wiki.debian.org/Subkeys][Subkeys | Debian Wiki]]
diff --git a/posts/fat32-partitionless-voidlinux-liveusb.org b/posts/fat32-partitionless-voidlinux-liveusb.org
@@ -1,212 +1,136 @@
#+STARTUP: content
#+TITLE: FAT32 Partitionless Void Linux Live USB
#+AUTHOR: Dash Eclipse
-#+DATE: [2020-07-10 Fri]
+#+DATE: [2020-07-14 Tue]
#+KEYWORDS: voidlinux, liveusb, liveos, refind, syslinux, uefi, legacy bios
#+DESCRIPTION: Install Void Linux LiveOS on A FAT32 Partitionless USB Stick, Works for Both UEFI and Legacy BIOS
#+OPTIONS: toc:t
* What is this about and why do I create Live USB this way
- I use void-live as my Live USB because it supports booting into RAM, so I can eject USB stick after boot into LiveOS. And Void Linux provides a set of scripts[fn:1] to generate the iso, it's pretty easy to customize it and it just works.
+
+ I use void-live as my Live USB because it supports booting into RAM, so I can eject USB stick after boot into LiveOS. And it's esay to use void-mklive to generate customized iso, it's simple and just works.
But I don't want to use ~dd~ to write iso to my USB stick each time I need to use Live USB, or use a dedicated USB stick for the LiveOS. I can't use the USB stick to store other files once I create Live USB this way.
- The solution is pretty simple, just create one FAT32 filesystem on the USB stick, install bootloaders and copy LiveOS to it, and then configure the bootloader to boot the LiveOS.
+ The solution is pretty simple, just create one FAT32 filesystem on the USB stick without any partition table, install bootloaders and copy LiveOS to it, and then configure the bootloader to boot the LiveOS.
** Advantages
+
- Works for both UEFI and Legacy BIOS
- Maximally use the storage, everything in one filesystem
- Could still use the USB stick for storing files as noraml
- Easy to delete the LiveOS from the USB stick, just remove these files
- - Simple and just works, no dirty hacks, no need for loading iso files
- - No need to install boot code
+ - Simple and just works, no dirty hacks, no need to load iso files
+ - No need to install boot code[fn:2]
+
+** How does it work?
-** How does this works and works for both UEFI and Legacy BIOS?
It's pretty simple, just install the bootloader, configure it to load ~vmlinuz~ the linux kernel and ~initrd~ the initramfs and it will load ~LiveOS/squashfs.img~ from the FAT32 filesystem which labeled as ~VOID_LIVE~.
Just install bootloaders for UEFI and Legacy BIOS, I choose rEFInd for UEFI and syslinux for Legacy BIOS.
- For UEFI, a FAT32 filesystem is necessary for loading a boot manager or bootloader, the FAT32 filesystem does not necessarily to be inside a GPT or MBR partition table, it could on the whole device without any partition table (a.k.a. partitionless).
+ For UEFI, a FAT32 filesystem is necessary for loading a boot manager or bootloader, the FAT32 filesystem does not necessarily need to be inside a GPT or MBR partition table, it could on the whole device without any partition table (a.k.a. partitionless).
For Legacy BIOS, when you have a partition table on the hard drive, you need to install the boot code to the device to be able to boot from it, and the partition which contains the bootloader should be marked as *active*. But you don't need to install boot code for a partitionless setup[fn:2], it just boots from the filesystem.
-* Layout and Bootloader configuration files
- Layout
+* FAT32 filesystem creation and file directory structure
+
+ Assume the USB stick where we are going to create Live USB on is ~/dev/sdc~ and the FAT32 volume name is ~VOID_LIVE~, you can create it with this command. Note the volume name can be other value but must be identical as boot options specified in bootloader configuration files.
+ #+BEGIN_SRC sh
+ sudo mkfs.vfat -I -F32 -n VOID_LIVE /dev/sdc
+ #+END_SRC
+
+ - ~LiveOS/~ linux kernel, initramfs and LiveOS from void-live [fn:1]
+ - ~EFI/~ rEFInd stuff for UEFI boot
+ - ~syslinux/~ syslinux stuff for legacy BIOS boot
+ Boot options can be found in ~boot/isolinux/isolinux.cfg~ or ~boot/grub/grub_void.cfg~ from void-live iso.
#+BEGIN_EXPORT html
<pre style="line-height:1;">
- VOID_LIVE -> # mkfs.vfat, fatlabel
+ VOID_LIVE
├── EFI
- │ ├── BOOT
- │ │ ├── BOOTX64.EFI -> ../refind/refind_x64.efi
- │ │ └── refind.conf -> ../refind/refind.conf
- │ └── refind
- │ ├── icons -> [refind]
- │ │ └── ...
- │ ├── refind_x64.efi -> [refind]
- │ ├── refind.conf
- │ └── themes
- │ └── refind-theme-regular -> [github] munlik/refind-theme-regular
- │ └── ...
+ │ ├── BOOT
+ │ │ ├── BOOTX64.EFI
+ │ │ └── refind.conf
+ │ └── refind
+ │ ├── refind.conf
+ │ └── refind_x64.efi
├── LiveOS
- │ ├── initrd -> [iso] boot/initrd
- │ ├── squashfs.img -> [iso]
- │ └── vmlinuz -> [iso] boot/vmlinuz
+ │ ├── initrd
+ │ ├── squashfs.img
+ │ └── vmlinuz
└── syslinux
- ├── chain.c32 -> [syslinux]
- ├── ldlinux.c32 -> # syslinux
- ├── ldlinux.sys -> # syslinux
- ├── libcom32.c32 -> [syslinux]
- ├── libutil.c32 -> [syslinux]
- ├── splash.png -> [iso] boot/isolinux/splash.png
- ├── syslinux.cfg -> [iso] boot/isolinux/isolinux.cfg*
- └── vesamenu.c32 -> [syslinux]
-
- [iso] -> void-live-x86_64{,-musl}-*.iso
- [refind] -> /usr/share/refind
- [syslinux] -> /usr/lib/syslinux
+ ├── ldlinux.c32
+ ├── ldlinux.sys
+ └── syslinux.cfg
+
+ 5 directories, 10 files
</pre>
#+END_EXPORT
- My ~VOID_LIVE/refind/refind.conf~
- #+BEGIN_EXAMPLE
- timeout 20
- #hideui hints
- #dont_scan_volumes VOID_LIVE
- resolution 1920 1080
-
- ## refind-theme-regular
- #include /EFI/refind/themes/refind-theme-regular/theme.conf
- icons_dir /EFI/refind/themes/refind-theme-regular/icons/128-48
- big_icon_size 128
- small_icon_size 48
- banner /EFI/refind/themes/refind-theme-regular/icons/128-48/bg.png
- selection_big /EFI/refind/themes/refind-theme-regular/icons/128-48/selection-big.png
- selection_small /EFI/refind/themes/refind-theme-regular/icons/128-48/selection-small.png
- font /EFI/refind/themes/refind-theme-regular/fonts/source-code-pro-extralight-14.png
-
- menuentry "Void Linux (x86_64-musl)" {
- icon /EFI/refind/icons/os_void.png
- loader LiveOS/vmlinuz
- initrd /LiveOS/initrd
- options "root=live:CDLABEL=VOID_LIVE ro init=/sbin/init rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 gpt add_efi_memmap vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1"
- #disabled
- }
-
- menuentry "Void Linux (x86_64-musl) (RAM)" {
- icon /EFI/refind/icons/os_void.png
- loader LiveOS/vmlinuz
- initrd /LiveOS/initrd
- options "root=live:CDLABEL=VOID_LIVE ro init=/sbin/init rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 gpt add_efi_memmap vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram"
- #disabled
- }
- #+END_EXAMPLE
- My ~VOID_LIVE/syslinux/syslinux.cfg~, Check ~boot/isolinux/isolinux.cfg~ from ISO
- #+BEGIN_EXAMPLE
- UI vesamenu.c32
- PROMPT 0
- TIMEOUT 100
- ONTIMEOUT linux
-
- MENU TABMSG Press ENTER to boot or TAB to edit a menu entry
- MENU AUTOBOOT BIOS default device boot in # second{,s}...
- MENU BACKGROUND splash.png
- MENU WIDTH 78
- MENU MARGIN 1
- MENU ROWS 4
- MENU VSHIFT 2
- MENU TIMEOUTROW 8
- MENU TABMSGROW 2
- MENU CMDLINEROW 11
- MENU HELPMSGROW 16
- MENU HELPMSGENDROW 29
-
- MENU COLOR title * #FF5255FF *
- MENU COLOR border * #00000000 #00000000 none
- MENU COLOR sel * #ffffffff #FF5255FF *
-
- LABEL linux
- MENU LABEL Void Linux 5.3.9_1 x86_64-musl
- KERNEL /LiveOS/vmlinuz
- APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1
- LABEL linuxram
- MENU LABEL Void Linux 5.3.9_1 x86_64-musl (RAM)
- KERNEL /LiveOS/vmlinuz
- APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram
- LABEL c
- MENU LABEL Boot first HD found by BIOS
- COM32 chain.c32
- APPEND hd0
- #+END_EXAMPLE
- Minimal ~VOID_LIVE/syslinux/syslinux.cfg~
+
+* UEFI
+
+ I use rEFInd Boot Manager for UEFI boot, you can just download it from [[https://www.rodsbooks.com/refind/getting.html][the official website]] and copy it to the FAT32 filesystem, or install ~refind~ the voidlinux package and then copy it from ~/usr/share/refind~. It looks better with themes such like [[https://github.com/munlik/refind-theme-regular][refind-theme-regular]]. You are free to customize it.
+
+ ~EFI/{BOOT,refind}/refind.conf~
#+BEGIN_EXAMPLE
+ timeout 20
+
+ menuentry "Void Linux (x86_64-musl)" {
+ loader LiveOS/vmlinuz
+ initrd /LiveOS/initrd
+ options "root=live:CDLABEL=VOID_LIVE ro init=/sbin/init rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 gpt add_efi_memmap vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1"
+ }
+
+ menuentry "Void Linux (x86_64-musl) (RAM)" {
+ loader LiveOS/vmlinuz
+ initrd /LiveOS/initrd
+ options "root=live:CDLABEL=VOID_LIVE ro init=/sbin/init rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 gpt add_efi_memmap vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram"
+ }
+ #+END_EXAMPLE
+
+* Legacy BIOS
+
+ I use syslinux because it's more lightweight than grub, ~syslinux~ the package is required to install syslinux to USB stick. You can use the minimal config or graphical boot menu config, I recommend to use the minimal one.
+
+** Minimal config
+
+ To avoid syslinux ~Boot Error~ I just use this minimal configuration without any non-core syslinux modules, and only run the extlinux/syslinux command once. I recommend you to create the Live USB in this order.
+
+ 1. Create FAT32 filesystem
+ 2. mount it to VOID_LIVE, create VOID_LIVE/syslinux/ folder
+ 3. Install syslinux with ~extlinux --install VOID_LIVE/syslinux~
+ 4. Add syslinux/syslinux.cfg and LiveOS/{vmlinuz,initrd,squashfs.img}
+
+ ~syslinux/syslinux.cfg~
+ #+BEGIN_EXAMPLE
PROMPT 1
TIMEOUT 50
DEFAULT voidram
LABEL void
- LINUX ../LiveOS/vmlinuz
+ LINUX /LiveOS/vmlinuz
APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1
- INITRD ../LiveOS/initrd
LABEL voidram
- LINUX ../LiveOS/vmlinuz
+ LINUX /LiveOS/vmlinuz
APPEND initrd=/LiveOS/initrd root=live:CDLABEL=VOID_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=dvorak-programmer locale.LANG=en_US.UTF-8 rd.live.overlay.overlayfs=1 rd.live.ram
- INITRD ../LiveOS/initrd
#+END_EXAMPLE
-* Create FAT32 Partitionless Void Linux Live USB
-
-** Download void-live ISO and bootloaders
- - [[https://voidlinux.org/download/][void-live]], I use ~void-live-x86_64-musl-20191109.iso~
- - [[https://www.rodsbooks.com/refind/getting.html][rEFInd]], I use ~refind~ the void package
- - [[https://wiki.syslinux.org/wiki/index.php?title=Download][syslinux]], I use ~syslinux~ the void package
-
-** Create the FAT32 filesystem and label it
- Assume the USB stick where we are going to create LiveOS is ~/dev/sdc~ and the FAT32 volume name is ~VOID_LIVE~, note the volume name should be identical as boot options specified in bootloader configuration files.
- #+BEGIN_SRC sh
- sudo mkfs.vfat -I -F32 -n VOID_LIVE /dev/sdc
- mkdir VOID_LIVE
- sudo mount /dev/sdc VOID_LIVE
- #+END_SRC
-
-** Grab files from void-live ISO
- Assume we are using ~void-live-x86_64-musl-20191109.iso~
- #+BEGIN_SRC sh
- mkdir void-live-x86_64-musl-20191109
- sudo mount void-live-x86_64-musl-20191109.iso void-live-x86_64-musl-20191109
- sudo mkdir VOID_LIVE/LiveOS
- sudo cp void-live-x86_64-musl-20191109/boot/{initrd,vmlinuz} VOID_LIVE/LiveOS
- ## Optionally grab splash.png
- sudo mkdir VOID_LIVE/syslinux
- sudo cp void-live-x86_64-musl-20191109/boot/isolinux/splash.png VOID_LIVE/syslinux
- #+END_SRC
-
-** rEFInd for UEFI
- #+BEGIN_SRC sh
- sudo xbps-install -S refind
- sudo mkdir VOID_LIVE/EFI/refind
- sudo cp -r /usr/share/refind/icons VOID_LIVE/EFI/refind/
- sudo cp /usr/share/refind/refind_x64.efi VOID_LIVE/EFI/refind/
- sudo cp VOID_LIVE/EFI/{refind/refind_x64.efi,BOOT/BOOTX64.efi}
- ## Optionall get https://github.com/munlik/refind-theme-regular
- ## And put it under VOID_LIVE/EFI/refind/themes/
- sudo vim VOID_LIVE/refind/refind.conf
- sudo cp VOID_LIVE/{refind,BOOT}/refind.conf
- #+END_SRC
-
-** syslinux for Legacy BIOS
- #+BEGIN_SRC sh
- sudo xbps-install -S syslinux
- sudo mkdir VOID_LIVE/syslinux
- sudo cp /usr/lib/syslinux/{chain,libcom32,libutil,vesamenu}.c32 VOID_LIVE/syslinux
- sudo extlinux --install VOID_LIVE/syslinux
- sudo vim VOID_LIVE/syslinux/syslinux.cfg
- sudo umount VOID_LIVE
- ## Or use syslinux command instead extlinux when the device is umounted
- #sudo syslinux --directory syslinux --install /dev/sdc
- #+END_SRC
+** Graphical boot menu
+
+ You can check ~boot/isolinux/{*.c32,isolinux.cfg}~ from void-live iso for dependencies and config to use graphical boot menu, but from my experience you need to create the Live USB in this order to avoid syslinux ~Boot Error~ (not able to boot), especially when the squashfs.img is large.
+
+ 1. Create FAT32 filesystem
+ 2. mount it to VOID_LIVE
+ 3. Add ~syslinux/{chain,libcom32,libutil,vesamenu}.c32~ (from ~/usr/lib/syslinux~), ~/syslinux.cfg~ (optionally ~splash.png~), and ~LiveOS/{vmlinuz,initrd}~
+ 4. Install syslinux with ~extlinux --install VOID_LIVE/syslinux~
+ 5. Add VOID_LIVE/LiveOS/squashfs.img
+ 6. umount VOID_LIVE
+
+ Note it may won't able to boot if you change any of files syslinux may load, including kernel and initramfs. Reinstall syslinux to the USB stick won't help and the only solution I know is recreate the FAT32 filesystem and start over again.
* Footnotes
-[fn:1] [[https://github.com/void-linux/void-mklive][void-mklive]]
+[fn:1] Use the official [[https://voidlinux.org/download/][void-live]] or create your own iso by using [[https://github.com/void-linux/void-mklive][void-mklive]]
[fn:2] [[https://unix.stackexchange.com/a/103568][For Legacy BIOS, Using a filesystem without a partition table thus not only saves space, but also a step in the boot process.]]
diff --git a/posts/index.org b/posts/index.org
@@ -2,6 +2,6 @@
#+META_TYPE: website
#+DESCRIPTION: Dash Eclipse's Personal Blog
- [[file:fat32-partitionless-voidlinux-liveusb.org][FAT32 Partitionless Void Linux Live USB]]
- #+html: <p class='pubdate'>by Dash Eclipse on Jul 10, 2020.</p>
-- [[file:pgp.org][OpenPGP Key Generation and Usage]]
+ #+html: <p class='pubdate'>by Dash Eclipse on Jul 14, 2020.</p>
+- [[file:create-and-use-openpgp-keys.org][Create and Use OpenPGP Keys]]
#+html: <p class='pubdate'>by Dash Eclipse on Jun 30, 2020.</p>
\ No newline at end of file
diff --git a/posts/pgp.org b/posts/pgp.org
@@ -1,92 +0,0 @@
-#+TITLE: OpenPGP Key Generation and Usage
-#+AUTHOR: Dash Eclipse
-#+DATE: [2020-06-30 Tue]
-#+KEYWORDS: openpgp, pgp, gnupg, gpg, subkey
-#+DESCRIPTION: How do I generate OpenPGP keys and use it
-#+OPTIONS: toc:nil
-
-In this article I'm gonna explain how do I generate and use OpenPGP keys.
-
-* Install GnuPG
- :PROPERTIES:
- :ID: 22D75389-43AB-49A4-B998-B48AF2365397
- :PUBDATE: <2020-07-02 Thu 21:30>
- :END:
- On macOS you can use brew to install GnuPG ~brew install gnupg~, you will also need ~pinentry-mac~ package if you are going to use it with GUI programs such like Thunderbird with Eng
-
-* OpenPGP key generation
- :PROPERTIES:
- :ID: 890C9B02-7790-4FAC-80B7-E36F5B3058D0
- :PUBDATE: <2020-07-02 Thu 21:30>
- :END:
- Beside ~gpg --full-generate-key~, you can also create a key with gpg in batch mode[fn:1].
- #+BEGIN_SRC sh
- cat >first-last.txt <<EOF
- %echo Generating a basic OpenPGP key
- Key-Type: RSA
- Key-Length: 4096
- Key-Usage: cert
- #Subkey-Type: RSA
- #Subkey-Length: 4096
- Name-Real: First Last
- #Name-Comment:
- Name-Email: user@domain.tld
- Expire-Date: 30y
- Passphrase: password
- %commit
- %echo done
- EOF
- #+END_SRC
- Create a key in an ephemeral home directory
- #+BEGIN_SRC sh
- mkdir -m700 .gnupg
- ## Set the environment variable
- ## or pass --homedir .gnupg as an argument
- export GNUPGHOME=".gnupg"
- gpg --batch --generate-key first-last.txt
- #+END_SRC
-
-* Use subkeys
- :PROPERTIES:
- :ID: E5DD933D-DF29-4D17-A703-4306E7F28349
- :PUBDATE: <2020-07-02 Thu 21:30>
- :END:
- I use encryption and signing subkeys instead of just use one key for everything, because it's safer when you keep your master key elsewhere and use different keys for different purposes. Debian also recommend to use subkeys.[fn:2]
- #+BEGIN_SRC sh
- ## adduid, (trust, 5,) save
- gpg --edit-key user@domain.tld
- ## Get keygrip
- gpg --with-keygrip --list-key <key-id>
- ## Export and Import the key to the GPG homedir
- ## where you are gonna use the key,
- ## remove the master key from there
- ## and change the password
- rm .gnupg/private-keys-v1.d/<keygrip>.key
- gpg --edit-key <key-id> passwd
- #+END_SRC
-** Thunderbird and Enigmail
- I use Thunderbird with Enigmail to send and receive PGP encrypted emails, you can follow [[https://ssd.eff.org/en/module/how-use-pgp-mac-os-x][the guide by EFF SSD]] to set it up. Note you need to install ~pinentry-mac~ the package to use GPG with such GUI programs.
- #+BEGIN_SRC sh
- brew install pinentry-mac
- echo 'pinentry-program /usr/local/bin/pinentry-mac' > ~/.gnupg/gpg-agent.conf
- #+END_SRC
-** Git
- #+BEGIN_SRC sh
- git config --global gpg.program $(which gpg)
- git config --global user.name 'First Last'
- git config --global user.email 'user@domain.tld'
- git config --global user.signingkey <signing_subkey_id>
- git config --global commit.gpgsign true
- #+END_SRC
- In case you don't want to sign commits for specific repo, just run ~git config commit.gpgsign false~ in the repo directory.
-** pass (the standard unix password manager)
- I use [[https://www.passwordstore.org/][pass]] to manage my passwords, with a different key. pass store passwords in a git repo, you can also store the ~$GNUPGHOME~ in a git repo or just in the same repo.
- I have some config like this in my zsh config ~~/.zshrc.local~
- #+BEGIN_SRC sh
- PASSWORD_STORE_DIR="$HOME/passwordstore"
- alias pass="GNUPGHOME=\"$HOME/passwordstore/.gnupg\" PASSWORD_STORE_DIR=\"$HOME/passwordstore\" pass"
- #+END_SRC
-* Footnotes
-
-[fn:1] [[https://www.gnupg.org/documentation//manuals/gnupg/Unattended-GPG-key-generation.html][4.5.4 Unattended key generation | The GNU Privacy Guard Manual]]
-[fn:2] [[https://wiki.debian.org/Subkeys][Subkeys | Debian Wiki]]
diff --git a/posts/rss.org b/posts/rss.org
@@ -3,12 +3,12 @@
* FAT32 Partitionless Void Linux Live USB
:PROPERTIES:
:RSS_PERMALINK: fat32-partitionless-voidlinux-liveusb.html
-:PUBDATE: 2020-07-10
-:ID: 720604EF-ED97-4D54-B8FD-78EA81523650
+:PUBDATE: 2020-07-14
+:ID: 3190658F-8EF1-4D9C-9C60-CCF68581FFD2
:END:
-* OpenPGP Key Generation and Usage
+* Create and Use OpenPGP Keys
:PROPERTIES:
-:RSS_PERMALINK: pgp.html
+:RSS_PERMALINK: create-and-use-openpgp-keys.html
:PUBDATE: 2020-06-30
-:ID: 4BAB43BA-22D5-450E-9594-47F251EADA51
+:ID: 16FADEB7-7253-44AD-8900-33A19FF095D7
:END:
diff --git a/publish.el b/publish.el
@@ -56,7 +56,7 @@ PLIST contains the properties, FILENAME the source file and
PUB-DIR the output directory."
(let ((project (cons 'ezup plist)))
(plist-put plist :subtitle
- (format "Published on %s by %s."
+ (format "Published on %s by %s"
(format-time-string "%Y-%m-%d" (org-publish-find-date filename project))
(plist-get plist :author)))
(org-html-publish-to-html plist filename pub-dir)))
diff --git a/styles/site.css b/styles/site.css
@@ -34,7 +34,6 @@ body {
body h3 {
font-size: 5px;
margin-top: 21px;
- font-weight: bold;
}
body div.org-src-container pre {
font-size: 13px;
@@ -48,14 +47,17 @@ body {
div#text-table-of-contents ul li ul {
margin-top: 0.5em;
}
+#table-of-contents h2 {
+ font-size: 28px;
+ font-weight: normal;
+}
p.subtitle {
font-size: 17px;
margin-top: 1em;
margin-bottom: 1.4em;
}
h2.footnotes {
- font-weight: bold;
- font-size: 30px;
+ font-size: 28px;
margin-bottom: 5px;
}
p.footpara {
@@ -90,17 +92,15 @@ body h4 img {
body h1 {
font-size: 41px;
margin-top: 0.8em;
- font-weight: bold;
}
body h2 {
margin-top: 0.9em;
position: relative;
- font-size: 35px;
+ font-size: 30px;
}
body h3 {
- font-size: 23px;
+ font-size: 25px;
margin-top: 1em;
- font-weight: bold;
}
body p {
text-align: justify;
@@ -129,7 +129,7 @@ body code {
font-size: .9em;
}
body li {
- margin-bottom: 0.6em;
+ margin-bottom: 0.4em;
line-height: 1;
}
body img {
