Rename a git tag old to new:
git tag new old
git tag -d old
git push origin :refs/tags/old
git push --tags
The colon in the push command removes the tag from the remote repository. If you don't do this, git will create the old tag on your machine when you pull.
Source: https://www.howtoforge.com/tutorial/passwordless-encryption-of-linux-root-partition/
The process of entering the passphrase at boot time will now be automated using an USB memory stick. Instead of using a passphrase , the secret key on the USB will decrypt the encrypted volumes. Connect an USB stick to the VM and locate it using the dmesg command. It is detected as /dev/sdb in my VM.
The secret key of 8192 random byte is extracted from the usb stick using the dd command.
dd if=/dev/sdb of=/root/secret.key bs=512 skip=4 count=16
sudo cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda1
sudo cryptsetup open --type luks /dev/sda1 backup
sudo mkfs.ext4 /dev/mapper/backup
sudo mount -t ext4 /dev/mapper/backup /mnt/backup
sudo umount /mnt/backup
| #!/bin/bash | |
| DATE=`date +%Y%m%d-%H%M%S` | |
| PROGNAME=$(basename $0) | |
| APPEND=-$DATE.tar.gz | |
| # Set the local backup directory, ensure that this directory exists | |
| LOCALDIR=$HOME/backups/ | |
| # Set the remote directory to backup |
You can unlock your rootfs on bootup from remote, using ssh to log in to the booting system while it's running with the initramfs mounted.
For remote unlocking to work, the following packages have to be installed before building the initramfs: dropbear busybox
The file /etc/initramfs-tools/initramfs.conf holds the configuration options used when building the initramfs. It should contain BUSYBOX=y (this is set as the default when the busybox package is installed) to have busybox installed into the initramfs, and should not contain DROPBEAR=n, which would disable installation of dropbear to initramfs. If set to DROPBEAR=y, dropbear will be installed in any case; if DROPBEAR isn't set at all, then dropbear will only be installed in case of an existing cryptroot setup.
| # This service will unlock all ZFS pools at boot time | |
| # It should live in | |
| # /etc/systemd/system/zfs-load-key.service | |
| # Enable it with | |
| # systemctl enable zfs-load-key.service | |
| [Unit] | |
| Description=Load encryption keys | |
| DefaultDependencies=no | |
| Before=zfs-mount.service |
| size:5000000 after:2006/1/1 before:2011/1/1 |
Source: mightypile https://askubuntu.com/a/829835
I do this with asymmetric key encryption. That means I have a public key (that I can share with anyone I'd like to send me encrypted packages) which allows me to encrypt the package. I also have a private key (that I do not share) which allows me to decrypt the package.
My commands to encrypt the current working directory: the -e to encrypt, the -r to specify a "recipient" or key to use, the -o to specify the output file.
$ tar -cvz . | gpg -e -r ABCD1234 -o backup.tgz.gpg
And to decrypt to the current working directory:
| openssl req -newkey rsa:4096 \ | |
| -x509 \ | |
| -sha256 \ | |
| -days 3650 \ | |
| -nodes \ | |
| -out example.crt \ | |
| -keyout example.key |