Crouton: Enkripsi pasca instalasi

Senang mendengar Anda menganggapnya berguna!

Anda memang dapat mengenkripsi chroot setelah dibuat - jalankan saja crouton lagi dengan parameter yang sama dengan yang Anda gunakan untuk membuat chroot, tetapi dengan -u (perbarui) dan -e (enkripsi). Ini akan membuat Anda membuat kata sandi root di Chromium OS jika Anda belum melakukannya, dan kemudian akan meminta Anda untuk kata sandi enkripsi dan mengenkripsi chroot.
Pastikan operasi tidak terganggu; Anda mungkin ingin membuat cadangan chroot terlebih dahulu jika memiliki data penting. Konversi dapat dilanjutkan (jika terputus, jalankan perintah yang sama persis lagi dan itu akan berlanjut dari tempat yang ditinggalkannya), tetapi agak meragukan karena versi ecryptfs Chromium OS memiliki bug dan mungkin tidak menangani interupsi dengan baik. Setelah proses selesai, itu sekuat batu. Begitulah cara saya menggunakan semua chroot saya.

Mengagumkan. Terima kasih banyak atas penjelasan detailnya!

David. Harap tentukan parameter lengkap untuk -e (mengenkripsi) a chroot. Daripada hanya mengatakan "gunakan parameter yang sama seperti yang digunakan untuk membuat chroot", harap jelaskan saja untuk kami numb-sculls.

@bayu_joo ,

Parameter lengkap ke -e (enkripsi) adalah -e
@dnschneid menjelaskan apa yang terjadi di atas tetapi saya telah menyediakannya di bawah juga.

"Ini akan membuat Anda membuat kata sandi root di Chromium OS jika Anda belum melakukannya, dan kemudian akan meminta Anda untuk kata sandi enkripsi dan mengenkripsi chroot."

Lihatlah tampilan penggunaan crouton di bawah ini untuk opsi '-e' dan banyak lainnya.

chronos<strong i="13">@localhost</strong> ~ $ sudo sh ~/Downloads/crouton
crouton [options] -t targets
crouton [options] -f backup_tarball
crouton [options] -d -f bootstrap_tarball

Constructs a chroot for running a more standard userspace alongside Chromium OS.

If run with -f, where the tarball is a backup previously made using edit-chroot,
the chroot is restored and relevant scripts installed.

If run with -d, a bootstrap tarball is created to speed up chroot creation in
the future. You can use bootstrap tarballs generated this way by passing them
to -f the next time you create a chroot with the same architecture and release.

crouton must be run as root unless -d is specified AND fakeroot is
installed AND /tmp is mounted exec and dev.

It is highly recommended to run this from a crosh shell (Ctrl+Alt+T), not VT2.

Options:
    -a ARCH     The architecture to prepare a new chroot or bootstrap for.
                Default: autodetected for the current chroot or system.
    -b          Restore crouton scripts in PREFIX/bin, as required by the
                chroots currently installed in PREFIX/chroots.
    -d          Downloads the bootstrap tarball but does not prepare the chroot.
    -e          Encrypt the chroot with ecryptfs using a passphrase.
                If specified twice, prompt to change the encryption passphrase.
    -f TARBALL  The bootstrap or backup tarball to use, or to download to (-d).
                When using an existing tarball, -a and -r are ignored.
    -k KEYFILE  File or directory to store the (encrypted) encryption keys in.
                If unspecified, the keys will be stored in the chroot if doing a
                first encryption, or auto-detected on existing chroots.
    -m MIRROR   Mirror to use for bootstrapping and package installation.
                Default depends on the release chosen.
                Can only be specified during chroot creation and forced updates
                (-u -u). After installation, the mirror can be modified using
                the distribution's recommended way.
    -M MIRROR2  A secondary mirror, often used for security updates.
                Can only be specified alongside -m.
    -n NAME     Name of the chroot. Default is the release name.
                Cannot contain any slash (/).
    -p PREFIX   The root directory in which to install the bin and chroot
                subdirectories and data.
                Default: /usr/local, with /usr/local/chroots linked to
                /mnt/stateful_partition/crouton/chroots.
    -P PROXY    Set an HTTP proxy for the chroot; effectively sets http_proxy.
                Specify an empty string to remove a proxy when updating.
    -r RELEASE  Name of the distribution release. Default: precise,
                or auto-detected if upgrading a chroot and -n is specified.
                Specify 'help' or 'list' to print out recognized releases.
    -t TARGETS  Comma-separated list of environment targets to install.
                Specify 'help' or 'list' to print out potential targets.
    -T TARGETFILE  Path to a custom target definition file that gets applied to
                the chroot as if it were a target in the crouton bundle.
    -u          If the chroot exists, runs the preparation step again.
                You can use this to install new targets or update old ones.
                Passing this parameter twice will force an update even if the
                specified release does not match the one already installed.
    -V          Prints the version of the installer to stdout.

Be aware that dev mode is inherently insecure, even if you have a strong
password in your chroot! Anyone can simply switch VTs and gain root access
unless you've permanently assigned a Chromium OS root password. Encrypted
chroots require you to set a Chromium OS root password, but are still only as
secure as the passphrases you assign to them.

_Semoga ini membantu,_
- DennisL

@bayu_joo
Saya harap Anda sudah menemukannya sekarang; Saya baru dalam hal ini, dan saya bertanya-tanya tentang hal yang sama, tetapi saya mengotak-atik sedikit dan menemukan jawabannya.
Ketik: chronos @ localhost ~ $ sudo sh ~ / Downloads / crouton -u -e