2024-10-31 20:18:37 +01:00
<!DOCTYPE html> < html lang = "fr" >
< head > < meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" > < title > KVM EndeavourOS avec chiffrement complet du disque LVM sur LUKS2 (Eos-LVM-LUKS) - YannStatic< / title >
< meta name = "description" content = "LUKS est un format standard sur disque pour le chiffrement des disques durs. Il utilise le chiffrage par mappeur de périphérique (dm-crypt) et est implémenté..." >
< link rel = "canonical" href = "https://static.rnmkcy.eu/2024/09/02/KVM-EndeavourOS-Chiffrement-LUKS-LVM.html" > < link rel = "alternate" type = "application/rss+xml" title = "YannStatic" href = "/feed.xml" >
<!-- - include head/favicon.html - -->
< link rel = "shortcut icon" type = "image/png" href = "/assets/favicon/favicon.png" > < link rel = "stylesheet" href = "/assets/css/main.css" > < link rel = "stylesheet" href = "https://use.fontawesome.com/releases/v5.0.13/css/all.css" > <!-- start custom head snippets --> < link rel = "stylesheet" href = "/assets/css/expand.css" >
<!-- end custom head snippets --> < script > ( f u n c t i o n ( ) {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length ; i + + ) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb & & (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining < = 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length ; i + + ) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length ; i + + ) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length ; i + + ) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length ; i + + ) {
for (flag = false, j = 0; j < mData.length ; j + + ) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length ; i + + ) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi & & (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length ; j + + ) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag & & cbs & & cbs.length > 0) {
for (j = 0; j < cbs.length ; j + + ) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length ; i + + ) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback & & (qi.load || qi.callbacks.push(callback));
callback & & (qi.load & & callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length ; i + + ) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) & & (node = createNode('script', { src: url }));
(type === 'css') & & (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
< / script > < script >
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
< / script >
< / head >
< body >
< div class = "root" data-is-touch = "false" >
< div class = "layout--page js-page-root" > <!-- --> < div class = "page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto" >
< div class = "page__main-inner" > < div class = "page__header d-print-none" > < header class = "header" > < div class = "main" >
< div class = "header__title" >
< div class = "header__brand" > < svg id = "svg" version = "1.1" xmlns = "http://www.w3.org/2000/svg" xmlns:xlink = "http://www.w3.org/1999/xlink" width = "400" height = "478.9473684210526" viewBox = "0, 0, 400,478.9473684210526" > < g id = "svgg" > < path id = "path0" d = "M308.400 56 . 805 C 306 . 970 56 . 966 , 303 . 280 57 . 385 , 300 . 200 57 . 738 C 290 . 906 58 . 803 , 278 . 299 59 . 676 , 269 . 200 59 . 887 L 260 . 600 60 . 085 259 . 400 61 . 171 C 258 . 010 62 . 428 , 256 . 198 63 . 600 , 255 . 645 63 . 600 C 255 . 070 63 . 600 , 252 . 887 65 . 897 , 252 . 598 66 . 806 C 252 . 460 67 . 243 , 252 . 206 67 . 600 , 252 . 034 67 . 600 C 251 . 397 67 . 600 , 247 . 206 71 . 509 , 247 . 202 72 . 107 C 247 . 201 72 . 275 , 246 . 390 73 . 190 , 245 . 400 74 . 138 C 243 . 961 75 . 517 , 243 . 598 76 . 137 , 243 . 592 77 . 231 C 243 . 579 79 . 293 , 241 . 785 83 . 966 , 240 . 470 85 . 364 C 239 . 176 86 . 740 , 238 . 522 88 . 365 , 237 . 991 91 . 521 C 237 . 631 93 . 665 , 236 . 114 97 . 200 , 235 . 554 97 . 200 C 234 . 938 97 . 200 , 232 . 737 102 . 354 , 232 . 450 104 . 472 C 232 . 158 106 . 625 , 230 . 879 109 . 226 , 229 . 535 110 . 400 C 228 . 933 110 . 926 , 228 . 171 113 . 162 , 226 . 434 119 . 500 C 226 . 178 120 . 435 , 225 . 795 121 . 200 , 225 . 584 121 . 200 C 225 . 373 121 . 200 , 225 . 200 121 . 476 , 225 . 200 121 . 813 C 225 . 200 122 . 149 , 224 . 885 122 . 541 , 224 . 500 122 . 683 C 223 . 606 123 . 013 , 223 . 214 123 . 593 , 223 . 204 124 . 600 C 223 . 183 126 . 555 , 220 . 763 132 . 911 , 219 . 410 134 . 562 C 218 . 443 135 . 742 , 217 . 876 136 . 956 , 217 . 599 138 . 440 C 217 . 041 141 . 424 , 215 . 177 146 . 434 , 214 . 532 146 . 681 C 214 . 240 146 . 794 , 214 . 000 147 . 055 , 214 . 000 147 . 261 C 214 . 000 147 . 467 , 213 . 550 148 . 086 , 213 . 000 148 . 636 C 212 . 450 149 . 186 , 212 . 000 149 . 893 , 212 . 000 150 . 208 C 212 . 000 151 . 386 , 208 . 441 154 . 450 , 207 . 597 153 . 998 C 206 . 319 153 . 315 , 204 . 913 150 . 379 , 204 . 633 147 . 811 C 204 . 365 145 . 357 , 202 . 848 142 . 147 , 201 . 759 141 . 729 C 200 . 967 141 . 425 , 199 . 200 137 . 451 , 199 . 200 135 . 974 C 199 . 200 134 . 629 , 198 . 435 133 . 224 , 196 . 660 131 . 311 C 195 . 363 129 . 913 , 194 . 572 128 . 123 , 193 . 870 125 . 000 C 193 . 623 123 . 900 , 193 . 236 122 . 793 , 193 . 010 122 . 540 C 190 . 863 120 . 133 , 190 . 147 118 . 880 , 188 . 978 115 . 481 C 188 . 100 112 . 928 , 187 . 151 111 . 003 , 186 . 254 109 . 955 C 185 . 358 108 . 908 , 184 . 518 107 . 204 , 183 . 847 105 . 073 C 183 . 280 103 . 273 , 182 . 497 101 . 329 , 182 . 108 100 . 753 C 181 . 719 100 . 177 , 180 . 904 98 . 997 , 180 . 298 98 . 131 C 179 . 693 97 . 265 , 178 . 939 95 . 576 , 178 . 624 94 . 378 C 178 . 041 92 . 159 , 177 . 125 90 . 326 , 175 . 023 87 . 168 C 174 . 375 86 . 196 , 173 . 619 84 . 539 , 173 . 342 83 . 486 C 172 . 800 81 . 429 , 171 . 529 79 . 567 , 170 . 131 78 . 785 C 169 . 654 78 . 517 , 168 . 697 77 . 511 , 168 . 006 76 . 549 C 167 . 316 75 . 587 , 166 . 594 74 . 800 , 166 . 402 74 . 800 C 166 . 210 74 . 800 , 164 . 869 73 . 633 , 163 . 421 72 . 206 C 160 . 103 68 . 936 , 161 . 107 69 . 109 , 146 . 550 69 . 301 C 133 . 437 69 . 474 , 128 . 581 70 . 162 , 126 . 618 72 . 124 C 126 . 248 72 . 495 , 125 . 462 72 . 904 , 124 . 872 73 . 033 C 124 . 282 73 . 163 , 123 . 088 73 . 536 , 122 . 219 73 . 863 C 121 . 349 74 . 191 , 119 . 028 74 . 638 , 117 . 061 74 . 858 C 113 . 514 75 . 254 , 109 . 970 76 . 350 , 108 . 782 77 . 419 C 107 . 652 78 . 436 , 100 . 146 80 . 400 , 97 . 388 80 . 400 C 95 . 775 80 . 400 , 93 . 167 81 . 360 , 91 . 200 82 . 679 C 90 . 430 83 . 195 , 89 . 113 83 . 804 , 88 . 274 84 . 031 C 85 . 875 84 . 681 , 78 . 799 90 . 910 , 74 . 400 96 . 243 L 73 . 400 97 . 456 73 . 455 106 . 028 C 73 . 526 117 . 055 , 74 . 527 121 . 238 , 77 . 820 124 . 263 C 78 . 919 125 . 273 , 80 . 400 127 . 902 , 80 . 400 128 . 842 C 80 . 400 129 . 202 , 81 . 075 130 . 256 , 81 . 900 131 . 186 C 83 . 563 133 . 059 , 85 . 497 136 . 346 , 86 . 039 138 . 216 C 86 . 233 138 . 886 , 87 . 203 140 . 207 , 88 . 196 141 . 153 C 89 . 188 142 . 098 , 90 . 000 143 . 104 , 90 . 000 143 . 388 C 90 . 000 144 . 337 , 92 . 129 148 . 594 , 92 . 869 149 . 123 C 93 . 271 149 . 410 , 93 . 600 149 . 831 , 93 . 600 150 . 059 C 93 . 600 150 . 286 , 93 . 932 150 . 771 , 94 . 337 151 . 136 C 94 . 743 151 . 501 , 95 . 598 153 . 004 , 96 . 237 154 . 475 C 96 . 877 155 . 947 , 97 . 760 157 . 351 , 98 . 200 157 . 596 C 98 . 640 157 . 841 , 99 . 900 159 . 943 , 101 . 000 162 . 267 C 102 . 207 164 . 817 , 103 . 327 166 . 644 , 103 . 825 166 . 876 C 104 . 278 167 . 087 , 105 . 065 168 . 101 , 105 . 573 169 . 130 C 107 . 658 173 . 348 , 108 . 097 174 . 093 , 110 . 006 176 . 647 C 111 . 103 178 . 114 , 112 . 000 179 . 725 , 112 . 000 180 . 227 C 112 . 000 181 . 048 , 113 . 425 183 . 163 , 114 . 678 184 . 200 C 115 . 295 184 . 711 , 117 . 396 188 . 733 , 117 . 720 190 . 022 C 117 . 855 190 . 562 , 118 . 603 191 . 633 , 119 . 381 192 . 402 C 120 . 160 193 . 171 , 121 . 496 195 . 258 , 122 . 351 197 . 039 C 123 . 206 198 . 820 , 124 . 167 200 . 378 , 124 . 487 200 . 501 C 124 . 807 200 . 624 , 125 . 953 202 . 496 , 127 . 034 204 . 662 C 128 . 114 206 . 828 , 129 . 676 209 . 299 , 130 . 505 210 . 153 C 131 . 333 211 . 007 , 132 . 124 212 . 177 , 132 . 262 212 . 753 C 132 . 618 214 . 239 , 134 . 291 217 . 048 , 136 . 288 219 . 5
" href="/">YannStatic< / a > < / div > <!-- <button class="button button - - secondary button - - circle search - button js - search - toggle"><i class="fas fa - search"></i></button> --> <!-- <li><button class="button button - - secondary button - - circle search - button js - search - toggle"><i class="fas fa - search"></i></button></li> -->
<!-- Champ de recherche -->
< div id = "searchbox" class = "search search--dark" style = "visibility: visible" >
< div class = "main" >
< div class = "search__header" > < / div >
< div class = "search-bar" >
< div class = "search-box js-search-box" >
< div class = "search-box__icon-search" > < i class = "fas fa-search" > < / i > < / div >
< input id = "search-input" type = "text" / >
<!-- <div class="search - box__icon - clear js - icon - clear">
< a > < i class = "fas fa-times" > < / i > < / a >
< / div > -->
< / div >
< / div >
< / div >
< / div >
<!-- Script pointing to search - script.js -->
< script > / * !
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen ; i + + ) {
var nch = needle.charCodeAt(i);
while (j < tlen ) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len ; i + + ) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length & & matches . length < opt . limit ; i + + ) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) & & strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len ; i + + ) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 & & xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' & & params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object & & JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '< li > < a href = "{url}" title = "{desc}" > {title}< / a > < / li > ',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' & & options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len ; i + + ) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query & & query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
< / script >
<!-- Configuration -->
< script >
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '< li > < a href = "https://static.rnmkcy.eu{url}" > {date} {title}< / a > < / li > '
searchResultTemplate: '< li > < a href = "{url}" > {date} {title}< / a > < / li > '
})
< / script >
<!-- Fin déclaration champ de recherche --> < / div > < nav class = "navigation" >
< ul > < li class = "navigation__item" > < a href = "/archive.html" > Etiquettes< / a > < / li > < li class = "navigation__item" > < a href = "/htmldoc.html" > Documents< / a > < / li > < li class = "navigation__item" > < a href = "/liens_ttrss.html" > Liens< / a > < / li > < li class = "navigation__item" > < a href = "/aide-jekyll-text-theme.html" > Aide< / a > < / li > < / ul >
< / nav > < / div >
< / header >
< / div > < div class = "page__content" > < div class = "main" > < div class = "grid grid--reverse" >
< div class = "col-main cell cell--auto" > <!-- start custom main top snippet --> < div id = "results-container" class = "search-result js-search-result" > < / div > <!-- end custom main top snippet -->
< article itemscope itemtype = "http://schema.org/Article" > < div class = "article__header" > < header > < h1 style = "color:Tomato;" > KVM EndeavourOS avec chiffrement complet du disque LVM sur LUKS2 (Eos-LVM-LUKS)< / h1 > < / header > < / div > < meta itemprop = "headline" content = "KVM EndeavourOS avec chiffrement complet du disque LVM sur LUKS2 (Eos-LVM-LUKS)" > < div class = "article__info clearfix" > < ul class = "left-col menu" > < li >
2024-11-08 14:10:33 +01:00
< a class = "button button--secondary button--pill button--sm" style = "color:#00FFFF" href = "/archive.html?tag=virtuel" > virtuel< / a >
2024-10-31 20:18:37 +01:00
< / li > < li >
2024-11-08 14:10:33 +01:00
< a class = "button button--secondary button--pill button--sm" style = "color:#00FFFF" href = "/archive.html?tag=chiffrement" > chiffrement< / a >
2024-10-31 20:18:37 +01:00
< / li > < li >
2024-11-08 14:10:33 +01:00
< a class = "button button--secondary button--pill button--sm" style = "color:#00FFFF" href = "/archive.html?tag=lvm" > lvm< / a >
2024-10-31 20:18:37 +01:00
< / li > < / ul > < ul class = "right-col menu" > < li >
< i class = "far fa-calendar-alt" > < / i > < span title = "Création" style = "color:#FF00FF" > 2 sept. 2024< / span >
< span title = "Modification" style = "color:#00FF7F" > 17 sept. 2024< / span > < / li > < / ul > < / div > < meta itemprop = "datePublished" content = "2024-09-17T00:00:00+02:00" >
< meta itemprop = "keywords" content = "virtuel,chiffrement,lvm" > < div class = "js-article-content" >
< div class = "layout--article" > <!-- start custom article top snippet -->
< style >
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
< / style >
< button onclick = "topFunction()" id = "myBtn" title = "Haut de page" > ⇧ < / button >
< script >
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
< / script >
<!-- end custom article top snippet -->
< div class = "article__content" itemprop = "articleBody" > < details >
< summary > < b > Afficher/cacher Sommaire< / b > < / summary >
<!-- affichage sommaire -->
< div class = "toc-aside js-toc-root" > < / div >
< / details > < p > < strong > LUKS< / strong > est un format standard sur disque pour le chiffrement des disques durs. Il utilise le chiffrage par mappeur de périphérique (dm-crypt) et est implémenté en tant que module du noyau pour gérer le chiffrage au niveau du périphérique de bloc.< br / >
< strong > LVM< / strong > est un outil de gestion des volumes logiques qui comprend l’ allocation de disques, le striping, le mirroring et le redimensionnement des volumes logiques.< / p >
< p > < strong > LUKS< / strong > peut être utilisé avec < strong > LVM< / strong > pour créer des volumes extensibles/chiffrés. L’ une des options les plus robustes et les plus extensibles consiste à créer un volume chiffré à l’ intérieur d’ un volume logique.< / p >
< ul >
< li > créez un groupe de volumes LVM d’ un ou plusieurs disques< / li >
< li > utiliser le groupe de volumes pour créer des volumes logiques LVM< / li >
< li > appliquer le chiffrage au système de fichiers des volumes logiques LVM< / li >
< / ul >
< p > < em > L’ utilisation d’ un volume logique permet de monter les disques au démarrage et peut être étendu dynamiquement sans sacrifier la sécurité.< / em > < / p >
< p > < img src = "/images/vmm-logo.png" alt = "" height = "100" / > < br / >
< img src = "/images/EndeavourOS_Logo.png" alt = "" height = "100" / > < img src = "/images/luks-logo-blanc.png" alt = "" / > < / p >
< h2 id = "machine-virtuelle-endeavouros" > Machine virtuelle EndeavourOS< / h2 >
< p class = "info" > Chiffrement complet du disque : < a href = "https://fr.wikipedia.org/wiki/Gestion_par_volumes_logiques" > LVM< / a > < strong > on< / strong > < a href = "https://fr.wikipedia.org/wiki/LUKS" > LUKS< / a > avec une partition d’ accueil (home) séparée et hibernation avec un fichier d’ échange (swap)< / p >
< h3 id = "eos-chiffré-luks-sur-lvm" > EOS chiffré LUKS sur LVM< / h3 >
< p > Pour une installation dans un environnement virtuel, créer en ligne de commande un disque dans la zone de travail < code class = "language-plaintext highlighter-rouge" > ~/virtuel/KVM/< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > qemu-img create -f qcow2 eos-lvm-luks-1.qcow2 30G
< / code > < / pre > < / div > < / div >
< p > Ouvrir le gestionnaire Virtual Machine Manager pour création< / p >
< ul >
< li > Nom : EndeavourOS< / li >
< li > Description : Chiffre : FlouseTyponSigle , Log/mp :eos/eos49< / li >
< li > Processeurs : 2< / li >
< li > Mémoire : 4096 Mo< / li >
< li > VirtIO Disque 1 : eos-lvm-luks-1.qcow2< / li >
< li > SATA CD-ROM 1 : ~/FreeUSB2To/iso/EndeavourOS_Endeavour-2024.06.25.iso< / li >
< li > Options de démarrage
< ul >
< li > 1 SATA CD-ROM 1< / li >
< li > 2 VirtIO Disque 1< / li >
< / ul >
< / li >
< li > Réseau : Bridge “host-tenda” 192.168.10.0/24< / li >
< li > Détails de l’ hyperviseur
< ul >
< li > Hyperviseur: KVM< / li >
< li > Architecture: x86_64< / li >
< li > Emulateur: /usr/bin/qemu-system-x86_64< / li >
< li > Chipset: Q35< / li >
< li > Firmware:UEFI< / li >
< / ul >
< / li >
< / ul >
< p > Sélectionner la machine virtuelle < strong > Eos-LVM-LUKS< / strong > puis démarrer la machine virtuelle : < strong > Machine virtuelle – > Démarrer< / strong > < / p >
< p > Suivre les procédures suivantes en remplacant < strong > sda< / strong > par < strong > vda< / strong > :< / p >
< ol >
< li > < a href = "/2024/09/11/EndeavourOS-Dell_Latitude_e6230-LVM_sur_LUKS.html#endeavouros-temporaire" > EndeavourOS temporaire< / a > < / li >
< li > < a href = "/2024/09/11/EndeavourOS-Dell_Latitude_e6230-LVM_sur_LUKS.html#endeavouros-chiffré-lvmluks" > EndeavourOS chiffré LVM/LUKS< / a > < / li >
< li > Forcer l’ extinction de la machine virtuelle et modifier les options de démarrage < br / >
< img src = "/images/kvm-eos-lvm-luks016.png" alt = "" width = "600" / > < / li >
< / ol >
< h3 id = "endeavouros-xfce4" > EndeavourOS XFCE4< / h3 >
< p > Sélectionner la machine virtuelle < strong > EndeavourOS< / strong > < br / >
Démarrer la machine virtuelle : < strong > Machine virtuelle – > Démarrer< / strong > < / p >
< p > Démarrage système < br / >
< img src = "/images/kvm-eos-lvm-luks017.png" alt = "" width = "600" / > < br / >
Il faut saisir la phrase mot de passe pour déchiffrer le disque système< / p >
< p > On arrive sur la page de connexion utilisateur “eos”< br / >
< img src = "/images/kvm-eos-lvm-luks018.png" alt = "" width = "600" / > < br / >
Saisir mot de passe< / p >
< p > Changer la résolution d’ affichage : 1440x900
< img src = "/images/kvm-eos-lvm-luks019.png" alt = "" width = "700" / > < / p >
< h3 id = "utilisateur-droits-sudo" > Utilisateur droits sudo< / h3 >
< p > Modifier sudoers pour accès sudo sans mot de passe à l’ utilisateur “eos”< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > su < span class = "c" > # mot de passe root identique utilisateur< / span >
< span class = "nb" > echo< / span > < span class = "s2" > "yano ALL=(ALL) NOPASSWD: ALL"< / span > < span class = "o" > > > < / span > /etc/sudoers.d/20-yano
< / code > < / pre > < / div > < / div >
< h3 id = "historique-ligne-de-commande" > Historique ligne de commande< / h3 >
< p > Ajoutez la recherche d’ historique de la ligne de commande au terminal< br / >
Se connecter en utilisateur< br / >
Tapez un début de commande précédent, puis utilisez shift + up (flèche haut) pour rechercher l’ historique filtré avec le début de la commande.< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "c" > # Global, tout utilisateur< / span >
< span class = "nb" > echo< / span > < span class = "s1" > '"\e[1;2A": history-search-backward'< / span > | < span class = "nb" > sudo tee< / span > < span class = "nt" > -a< / span > /etc/inputrc
< span class = "nb" > echo< / span > < span class = "s1" > '"\e[1;2B": history-search-forward'< / span > | < span class = "nb" > sudo tee< / span > < span class = "nt" > -a< / span > /etc/inputrc
< / code > < / pre > < / div > < / div >
< h3 id = "activation-ssh-avec-clés" > Activation SSH avec clés< / h3 >
< p > < strong > Etablir une liaison temporaire SSH< / strong > < / p >
< p > Pour un accès sur la machine via SSH depuis un poste distant< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "c" > # Lancer et activer le service : < / span >
< span class = "nb" > sudo < / span > systemctl < span class = "nb" > enable < / span > sshd < span class = "nt" > --now< / span >
< span class = "c" > # Ouvrir le port 22 firewall: < / span >
< span class = "nb" > sudo < / span > firewall-cmd < span class = "nt" > --zone< / span > < span class = "o" > =< / span > public < span class = "nt" > --add-port< / span > < span class = "o" > =< / span > 22/tcp < span class = "nt" > --permanent< / span >
< / code > < / pre > < / div > < / div >
< p > Relever l’ adresse ip de la machine : < code class = "language-plaintext highlighter-rouge" > ip a< / code > 192.168.10.155 dans notre cas< / p >
< p > Se connecter depuis un poste distant < code class = "language-plaintext highlighter-rouge" > ssh yano@192.168.10.155< / code > < / p >
< p > /etc/motd< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > __ __ _ _ _ _ _ _
| \/ | __ _ __ | |_ (_) _ _ ___ __ __(_) _ _ | |_ _ _ ___ | || | ___
| |\/| |/ _` |/ _|| ' \ | || ' \ / -_) \ V /| || '_|| _|| || |/ -_)| || |/ -_)
|_| |_|\__,_|\__||_||_||_||_||_|\___| \_/ |_||_| \__| \_,_|\___||_||_|\___|
___ _ __ __ __ __ _ _ _ _ __ ___
| __| ___ ___ ___ | | \ \ / /| \/ | ___ | | | | | || |/ // __|
| _| / _ \(_-< |___|| |__\ V / | |\/| ||___|| |__| |_| || ' < \__ \
|___|\___//__/ |____|\_/ |_| |_| |____|\___/ |_|\_\|___/
_ ___ ___ _ __ ___ _ __ _ ___ ___
/ |/ _ \|_ ) / | / / ( _ ) / | / \ / || __|| __|
| |\_, / / / _ | |/ _ \/ _ \ _ | || () |_ | ||__ \|__ \
|_| /_/ /___|(_)|_|\___/\___/(_)|_| \__/(_)|_||___/|___/
< / code > < / pre > < / div > < / div >
< p > < strong > SSH avec clés< / strong > < / p >
< p > < strong > A - Poste appelant< / strong > < br / >
Générer une paire de clé curve25519-sha256 (ECDH avec Curve25519 et SHA2) nommé < strong > vm-Eos-LVM-LUKS< / strong > pour une liaison SSH avec la vm EndeavourOS.< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh-keygen < span class = "nt" > -t< / span > ed25519 < span class = "nt" > -o< / span > < span class = "nt" > -a< / span > 100 < span class = "nt" > -f< / span > ~/.ssh/vm-Eos-LVM-LUKS
< / code > < / pre > < / div > < / div >
< p > Envoyer les clés depuis le poste distant< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh-copy-id < span class = "nt" > -i< / span > ~/.ssh/vm-Eos-LVM-LUKS.pub yano@192.168.10.155
< / code > < / pre > < / div > < / div >
< p > On se connecte sur la machine< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh yano@192.168.10.155
< / code > < / pre > < / div > < / div >
< p > < strong > B - Machine virtuelle EndeavourOS< / strong > < br / >
Modification fichier configuration ssh sur le dell vm-Eos-LVM-LUKS< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > nano /etc/ssh/sshd_config
< / code > < / pre > < / div > < / div >
< p > Port et authentification< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > Port 55155
PasswordAuthentication no
< / code > < / pre > < / div > < / div >
< p > < code class = "language-plaintext warning highlighter-rouge" > IL FAUT ACTIVER LE PORT 55155 EN ZONE "PUBLIC" DU PAREFEU !< / code > < / p >
< p > Ajouter le nouveau port à la zone configurée de firewalld (“public” par défaut).< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > firewall-cmd < span class = "nt" > --zone< / span > < span class = "o" > =< / span > public < span class = "nt" > --add-port< / span > < span class = "o" > =< / span > 55155/tcp < span class = "nt" > --permanent< / span >
< span class = "nb" > sudo < / span > systemctl restart firewalld
< / code > < / pre > < / div > < / div >
< p > Redémarrer sshd< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > systemctl restart sshd
< / code > < / pre > < / div > < / div >
< p > Se connecter sur la machine virtuelle “EndeavourOS” depuis le poste appelant< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > ssh yano@192.168.10.155 < span class = "nt" > -p< / span > 55155 < span class = "nt" > -i< / span > /home/yann/.ssh/vm-Eos-LVM-LUKS
< / code > < / pre > < / div > < / div >
< h3 id = "plymouth" > Plymouth< / h3 >
< p > < a href = "/2023/10/14/Plymouth_Processus_de_demarrage_graphique.html" > Plymouth - Processus de démarrage graphique< / a > < / p >
< p > Installer plymouth< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > yay -S plymouth plymouth-theme-endeavouros
< / code > < / pre > < / div > < / div >
< p > Ajouter < code class = "language-plaintext highlighter-rouge" > splash quiet< / code > aux options du noyau kernel dans le fichier < code class = "language-plaintext highlighter-rouge" > /etc/kernel/cmdline< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > nvme_load=YES nowatchdog rw splash quiet rd.luks.uuid=1a5bfb32-65d4-4c92-97b8-59b8881f6ffa root=/dev/mapper/luks-1a5bfb32-65d4-4c92-97b8-59b8881f6ffa
< / code > < / pre > < / div > < / div >
< p > Regénérer le noyau et redémarrer< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > reinstall-kernels
< span class = "nb" > sudo < / span > systemctl reboot
< / code > < / pre > < / div > < / div >
< p > Nouvel écran pour la saisie de la phrase de déchiffrement< br / >
< img src = "/images/kvm-eos-lvm-luks020.png" alt = "" width = "700" / > < / p >
< h3 id = "clé-fido-pour-déchiffrer" > Clé FIDO pour déchiffrer< / h3 >
< p > Installer la librairie libfido : < code class = "language-plaintext highlighter-rouge" > yay -S libfido2< / code >
Vérifier que la YubiKey 29 085 988 est insérée dans un port USB de la machine hôte< br / >
Sur la fenêtre de la machine virtuelle < strong > EndeavourOS sur QEMU/KVM< / strong > ckisur sur Machine -virtuelle – > Rediriger un Périphèrique USB, sélectionner Yubico Yubikey…< / p >
< p class = "warning" > Si problème voir < a href = "/2023/05/29/PC1-EndeavourOS-XFCE-ASUS_H110M_A-nvme_1To-LVM-Chiffre.html#erreur-de-redirection-usb" > Erreur de redirection USB< / a > < / p >
< p > Lister présence clé : < code class = "language-plaintext highlighter-rouge" > systemd-cryptenroll --fido2-device=list< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > PATH MANUFACTURER PRODUCT
/dev/hidraw2 Yubico YubiKey OTP+FIDO+CCID
< / code > < / pre > < / div > < / div >
< p > Enroler la clé, la phrase de passe du disque est demandée. Le disque chiffré est < code class = "language-plaintext highlighter-rouge" > /dev/vda2< / code > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo systemd-cryptenroll --fido2-device=auto /dev/vda2
< / code > < / pre > < / div > < / div >
< p > < img src = "/images/kvm-eos-lvm-luks021.png" alt = "" width = "700" / >
Répéter l’ opération si vous avez plusieurs clés< / p >
< p > < strong > Prise en charge FIDO2 (crypttab)< / strong > < / p >
< p > Le fichier < code class = "language-plaintext highlighter-rouge" > /etc/crypttab< / code > contient la liste des périphériques à déverrouiller automatiquement.< br / >
Chaque ligne du fichier crypttab est de la forme :< br / >
< code class = "language-plaintext highlighter-rouge" > < target name> < source device> < key file> < options> < / code > < / p >
< ul >
< li > < code class = "language-plaintext highlighter-rouge" > < target name> < / code > : Nom à donner au mappage (/dev/mapper/name), dans le cas présent “secret”< / li >
< li > < code class = "language-plaintext highlighter-rouge" > < source device> < / code > : l’ identifiant du container luks, sous la forme UUID=< / li >
< li > < code class = "language-plaintext highlighter-rouge" > < key file> < / code > : chemin absolu vers le ficher de phrase de passe. Si le déverrouillage doit s’ effectuer par saisie d’ un mot de passe, indiquer “none”< / li >
< li > < code class = "language-plaintext highlighter-rouge" > < options> < / code > : liste d’ options séparées par des virgules, par exemple luks, discard pour un chiffrage luks et autoriser l’ utilisation de la commane fstrim ou discard au niveau du container. L’ option keyscript= donne la possibilité d’ exécuter un script ou une commande avec le chemin vers le fichier de passe de phrase (paramètre password précédent) fourni comme argument.< / li >
< / ul >
< p > Configurer < code class = "language-plaintext highlighter-rouge" > /etc/crypttab< / code > pour la prise en charge FIDO2 en ajoutant < code class = "language-plaintext highlighter-rouge" > fido2-device=auto< / code > < / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > nano /etc/crypttab
< / code > < / pre > < / div > < / div >
< p > La quatrième colonne < strong > luks< / strong > est remplacée par < strong > luks,fido2-device=auto< / strong > < / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > # < name> < device> < password> < options>
cryptlvm UUID=fd697d34-89c6-4779-8b7d-30a4e9908876 none luks,fido2-device=auto,token-timeout=10
< / code > < / pre > < / div > < / div >
< p > Option < code class = "language-plaintext highlighter-rouge" > token-timeout=10< / code > : Dans le cas ou pas de clé insérée, 10 s après on affiche la demande de mot de passe< / p >
< p > systemd-cryptenroll peut lister les keyslots d’ un périphérique LUKS, de manière similaire à < code class = "language-plaintext highlighter-rouge" > cryptsetup luksDump< / code > , mais dans un format plus convivial.< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > sudo systemd-cryptenroll /dev/vda2
< / code > < / pre > < / div > < / div >
< p > Résultat pour disque déchiffrable avec une phrase et 3 clés FIDO2< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > SLOT TYPE
0 password
1 fido2
< / code > < / pre > < / div > < / div >
< p > Sauvegarder et quitter.< / p >
< p > Reconstruire le noyau et redémarrer< / p >
< div class = "language-bash highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > < span class = "nb" > sudo < / span > reinstall-kernels
< span class = "nb" > sudo < / span > systemctl reboot
< / code > < / pre > < / div > < / div >
< p > < strong > Dernières remarques< / strong > < / p >
< p > A ce stade, nous avons terminé. Redémarrez votre machine et elle vous demandera votre YubiKey et vous permettra de déverrouiller votre patition racine chiffrée LUKS avec elle. Si vous n’ avez pas votre YubiKey, le message suivant apparaîtra :< / p >
< p > < code class = "language-plaintext highlighter-rouge" > Security token not present for unlocking volume root (nvme0n1p3_crypt), please plug it in.< / code > < / p >
< p > Au bout d’ environ 30 secondes, le délai d’ attente est dépassé et le message suivant s’ affiche :< / p >
< p > < code class = "language-plaintext highlighter-rouge" > Timed out waiting for security device, aborting security device based authentication attempt.< / code > < / p >
< p > Ensuite, il vous permettra de déverrouiller la partition à l’ aide d’ un mot de passe (ou d’ une clé de récupération).< / p >
< p > En cas de problème, ajoutez < code class = "language-plaintext highlighter-rouge" > rd.break=initqueue< / code > à la ligne de commande du noyau, et dracut entrera dans un shell avant de tenter de monter les partitions. Vous pouvez monter manuellement le disque en utilisant la commande suivante :< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > # /usr/lib/systemd/systemd-cryptsetup attach root /dev/nvme0n1p2
< / code > < / pre > < / div > < / div >
< p > Quittez le shell d’ urgence et le système continuera son démarrage normal.< / p >
< h3 id = "déverrouiller-sa-session-linux-avec-une-yubikey" > Déverrouiller sa session Linux avec une Yubikey< / h3 >
< ul >
< li > < a href = "/2023/07/01/Yubikey.html#déverrouiller-sa-session-linux-avec-une-yubikey" > Déverrouiller sa session Linux avec une Yubikey< / a > < / li >
< / ul >
< h3 id = "partage-répertoire-hôte-avec-un-invité" > Partage répertoire hôte avec un invité< / h3 >
< p > EndeavourOS est installé sur une machine virtuelle QEMU/KVM< / p >
< ul >
< li > < a href = "/2022/04/12/QEMU_KVM+virtio-fs-Partager_un_repertoire_hote_avec_une_machine_virtuelle.md.html#partage-répertoire-hôte-avec-un-invité" > QEMU/KVM + virtio-fs - Partager un répertoire hôte avec une machine virtuelle< / a > < / li >
< / ul >
< h3 id = "copiercoller-entre-hôte-et-invité" > Copier/Coller entre hôte et invité< / h3 >
< p > Il faut installer < strong > spice-vdagent< / strong > sur l’ invité< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > yay -S spice-vdagent
< / code > < / pre > < / div > < / div >
< h3 id = "wireguard" > Wireguard< / h3 >
< p > Installer application vpn< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > yay -S wireguard-tools
< / code > < / pre > < / div > < / div >
< p > Paramétrage NetworkManager par importation d’ un fichier de configuration wireguard< br / >
< img src = "/images/nm-wg01.png" alt = "" width = "400" / > < br / >
< img src = "/images/nm-wg02.png" alt = "" width = "400" / > < br / >
< img src = "/images/nm-wg03.png" alt = "" width = "300" / > < br / >
< img src = "/images/nm-wg04.png" alt = "" width = "300" / > < br / >
< img src = "/images/nm-wg05.png" alt = "" width = "300" / > < br / >
< img src = "/images/nm-wg06.png" alt = "" width = "500" / > < br / >
< img src = "/images/nm-wg07.png" alt = "" width = "400" / > < br / >
< img src = "/images/nm-wg08.png" alt = "" width = "400" / > < / p >
< p > Si la configuration est bien prise en compte, un cadenas est ajouté sur l’ icône de connexion réseau< / p >
< p > Vérifier par le navigateur< br / >
< img src = "/images/nm-wg09.png" alt = "" / > < / p >
< p > En ligne de commande< br / >
< img src = "/images/nm-wg10.png" alt = "" / > < / p >
< h3 id = "firejail-option" > Firejail (OPTION)< / h3 >
< p > < em > Firejail est un logiciel de sandboxing pour les systèmes d’ exploitation Linux. Il permet d’ exécuter des applications dans un environnement isolé du système d’ exploitation hôte.
Cela fonctionne quelque soit le type d’ application (en ligne de commande ou graphique)< br / >
Le principe de Firejail est de créer un environnement de sécurité en lançant une application dans une boîte isolée (sandbox) où elle ne peut accéder qu’ aux ressources autorisées. Ce logiciel repose sur les fonctionnalités du noyau Linux.< / em > < / p >
< ul >
< li > https://github.com/netblue30/firejail< / li >
< li > https://firejail.wordpress.com/< / li >
< li > < a href = "https://fr.linux-console.net/?p=16907" > Comment installer et utiliser Firejail dans Ubuntu< / a > < / li >
< li > < a href = "https://wiki.archlinux.org/title/Firejail" > Archlinux firejail< / a > < / li >
< li > < a href = "https://www.linuxtricks.fr/wiki/firejail-lancez-vos-applications-en-bac-a-sable" > firejail : Lancez vos applications en bac à sable< / a > < / li >
< / ul >
< p > Archlinux< / p >
< div class = "language-plaintext highlighter-rouge" > < div class = "highlight" > < pre class = "highlight" > < code > extra/firetools 0.9.72-2 (215.5 KiB 519.3 KiB)
Graphical user interface of Firejail
extra/firejail 0.9.72-3 (564.1 KiB 2.3 MiB)
Linux namespaces sandbox program
< / code > < / pre > < / div > < / div >
< p > Installation : yay -S firetools< / p >
< / div >
< div class = "d-print-none" > < footer class = "article__footer" > < meta itemprop = "dateModified" content = "2024-09-02T00:00:00+02:00" > <!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
< div align = "right" > < a type = "application/rss+xml" href = "/feed.xml" title = "S'abonner" > < i class = "fa fa-rss fa-2x" > < / i > < / a >
  < / div >
-->
< / footer >
< div class = "article__section-navigator clearfix" > < div class = "previous" > < span > PRÉCÉDENT< / span > < a href = "/2024/08/30/EndeavourOS-Dell_Latitude_e6230-Chiffre.html" > Dell Latitude e6230 - EndeavourOS XFCE chiffré< / a > < / div > < div class = "next" > < span > SUIVANT< / span > < a href = "/2024/09/07/EndeavourOS-PlasmaKDE-Dell_Latitude_e6230-Chiffre.html" > Dell Latitude e6230 - EndeavourOS Plasma KDE chiffré< / a > < / div > < / div > < / div >
< / div >
< script > ( f u n c t i o n ( ) {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('< a class = "anchor d-print-none" aria-hidden = "true" > < / a > ').html('< i class = "fas fa-anchor" > < / i > '));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
< / script >
< / div > < section class = "page__comments d-print-none" > < / section > < / article > <!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
< / div >
< / div > < / div > < / div > < / div >
< / div > < script > ( f u n c t i o n ( ) {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 & & ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll & & window.hasEvent('touchstart') & & $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 & & activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 & & ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll & & window.hasEvent('touchstart') & & $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange & & onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
< / script > < div class = "modal modal--overflow page__search-modal d-print-none js-page-search-modal" > < script >
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow & & search.onShow();
useDefaultSearchBox & & $searchInput[0] & & $searchInput[0].focus();
} else {
search.onShow & & search.onHide();
useDefaultSearchBox & & $searchInput[0] & & $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox & & ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear & & search.clear();
window.pageAsideAffix & & window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible & & !window.isFormElement(e.target || e.srcElement) & & (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear & & search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty & & search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear & & search.clear();
});
}
});
})();
< / script > < div class = "search search--dark" >
< div class = "main" >
< div class = "search__header" > Recherche< / div >
< div class = "search-bar" >
< div class = "search-box js-search-box" >
< div class = "search-box__icon-search" > < i class = "fas fa-search" > < / i > < / div >
< input id = "search-input" type = "text" / >
< div class = "search-box__icon-clear js-icon-clear" >
< a > < i class = "fas fa-times" > < / i > < / a >
< / div >
< / div >
< button class = "button button--theme-dark button--pill search__cancel js-search-toggle" >
Annuler< / button >
< / div >
< div id = "results-container" class = "search-result js-search-result" > < / div >
< / div >
< / div >
<!-- Script pointing to search - script.js -->
< script > / * !
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen ; i + + ) {
var nch = needle.charCodeAt(i);
while (j < tlen ) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) & & Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len ; i + + ) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length & & matches . length < opt . limit ; i + + ) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) & & strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len ; i + + ) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 & & xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' & & params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object & & JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '< li > < a href = "{url}" title = "{desc}" > {title}< / a > < / li > ',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' & & options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len ; i + + ) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query & & query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
< / script >
<!-- Configuration -->
< script >
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '< p > Aucun résultat!< / p > ',
json: '/search.json',
searchResultTemplate: '< li > < a href = "{url}" > {date} {title}< / a > (Création {create})< / li > '
})
< / script >
< / div > < / div >
< script > ( f u n c t i o n ( ) {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback & & callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom & & (offsetBottom = _options.offsetBottom);
_options.scrollTarget & & (scrollTarget = _options.scrollTarget);
_options.scroll & & (scroll = _options.scroll);
_options.disabled !== undefined & & (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc & & preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop & & scrollTop < = scrollBottom) {
fixed();
} else if (scrollTop < rootTop ) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('< ul class = "toc toc--ellipsis" > < / ul > '), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors & & (selectors = _options.selectors);
_options.container & & (container = _options.container);
_options.scrollTarget & & (scrollTarget = _options.scrollTarget);
_options.scroller & & (scroller = _options.scroller);
_options.disabled !== undefined & & (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1 ) { return ; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length ; i + + ) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast & & $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('< li > < / li > ').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('< a > < / a > ').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
< / script > < script >
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc & & toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix & & affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
< / script > <!-- -->
< / div >
< script > ( f u n c t i o n ( ) {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
< / script >
< / body >
< / html >