yann/yannstatic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2206546b76
yannstatic/static/2022/10/26/EndeavourOS-Chiffrement-LUKS-LVM.html

2695 lines
248 KiB
HTML
Raw Normal View History

first commit
2024-10-31 20:18:37 +01:00
<!DOCTYPE html><html lang="fr">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><title>TEST VM EndeavourOS avec chiffrement complet du disque LVM sur LUKS - YannStatic</title>
<meta name="description" content="LUKS est un format standard sur disque pour le chiffrement des disques durs. Il utilise le chiffrage par mappeur de périphérique (dm-crypt) et est implémenté...">
<link rel="canonical" href="https://static.rnmkcy.eu/2022/10/26/EndeavourOS-Chiffrement-LUKS-LVM.html"><link rel="alternate" type="application/rss+xml" title="YannStatic" href="/feed.xml">
<!-- - include head/favicon.html - -->
<link rel="shortcut icon" type="image/png" href="/assets/favicon/favicon.png"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" ><!-- start custom head snippets --><link rel="stylesheet" href="/assets/css/expand.css">
<!-- end custom head snippets --><script>(function() {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length; i++) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb && (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining <= 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length; i++) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length; i++) {
for (flag = false, j = 0; j < mData.length; j++) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length; i++) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi && (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length; j++) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag && cbs && cbs.length > 0) {
for (j = 0; j < cbs.length; j++) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length; i++) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback && (qi.load || qi.callbacks.push(callback));
callback && (qi.load && callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length; i++) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) && (node = createNode('script', { src: url }));
(type === 'css') && (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
</script><script>
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
</script>
</head>
<body>
<div class="root" data-is-touch="false">
<div class="layout--page js-page-root"><!----><div class="page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto">
<div class="page__main-inner"><div class="page__header d-print-none"><header class="header"><div class="main">
<div class="header__title">
<div class="header__brand"><svg id="svg" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="478.9473684210526" viewBox="0, 0, 400,478.9473684210526"><g id="svgg"><path id="path0" d="M308.400 56.805 C 306.970 56.966,303.280 57.385,300.200 57.738 C 290.906 58.803,278.299 59.676,269.200 59.887 L 260.600 60.085 259.400 61.171 C 258.010 62.428,256.198 63.600,255.645 63.600 C 255.070 63.600,252.887 65.897,252.598 66.806 C 252.460 67.243,252.206 67.600,252.034 67.600 C 251.397 67.600,247.206 71.509,247.202 72.107 C 247.201 72.275,246.390 73.190,245.400 74.138 C 243.961 75.517,243.598 76.137,243.592 77.231 C 243.579 79.293,241.785 83.966,240.470 85.364 C 239.176 86.740,238.522 88.365,237.991 91.521 C 237.631 93.665,236.114 97.200,235.554 97.200 C 234.938 97.200,232.737 102.354,232.450 104.472 C 232.158 106.625,230.879 109.226,229.535 110.400 C 228.933 110.926,228.171 113.162,226.434 119.500 C 226.178 120.435,225.795 121.200,225.584 121.200 C 225.373 121.200,225.200 121.476,225.200 121.813 C 225.200 122.149,224.885 122.541,224.500 122.683 C 223.606 123.013,223.214 123.593,223.204 124.600 C 223.183 126.555,220.763 132.911,219.410 134.562 C 218.443 135.742,217.876 136.956,217.599 138.440 C 217.041 141.424,215.177 146.434,214.532 146.681 C 214.240 146.794,214.000 147.055,214.000 147.261 C 214.000 147.467,213.550 148.086,213.000 148.636 C 212.450 149.186,212.000 149.893,212.000 150.208 C 212.000 151.386,208.441 154.450,207.597 153.998 C 206.319 153.315,204.913 150.379,204.633 147.811 C 204.365 145.357,202.848 142.147,201.759 141.729 C 200.967 141.425,199.200 137.451,199.200 135.974 C 199.200 134.629,198.435 133.224,196.660 131.311 C 195.363 129.913,194.572 128.123,193.870 125.000 C 193.623 123.900,193.236 122.793,193.010 122.540 C 190.863 120.133,190.147 118.880,188.978 115.481 C 188.100 112.928,187.151 111.003,186.254 109.955 C 185.358 108.908,184.518 107.204,183.847 105.073 C 183.280 103.273,182.497 101.329,182.108 100.753 C 181.719 100.177,180.904 98.997,180.298 98.131 C 179.693 97.265,178.939 95.576,178.624 94.378 C 178.041 92.159,177.125 90.326,175.023 87.168 C 174.375 86.196,173.619 84.539,173.342 83.486 C 172.800 81.429,171.529 79.567,170.131 78.785 C 169.654 78.517,168.697 77.511,168.006 76.549 C 167.316 75.587,166.594 74.800,166.402 74.800 C 166.210 74.800,164.869 73.633,163.421 72.206 C 160.103 68.936,161.107 69.109,146.550 69.301 C 133.437 69.474,128.581 70.162,126.618 72.124 C 126.248 72.495,125.462 72.904,124.872 73.033 C 124.282 73.163,123.088 73.536,122.219 73.863 C 121.349 74.191,119.028 74.638,117.061 74.858 C 113.514 75.254,109.970 76.350,108.782 77.419 C 107.652 78.436,100.146 80.400,97.388 80.400 C 95.775 80.400,93.167 81.360,91.200 82.679 C 90.430 83.195,89.113 83.804,88.274 84.031 C 85.875 84.681,78.799 90.910,74.400 96.243 L 73.400 97.456 73.455 106.028 C 73.526 117.055,74.527 121.238,77.820 124.263 C 78.919 125.273,80.400 127.902,80.400 128.842 C 80.400 129.202,81.075 130.256,81.900 131.186 C 83.563 133.059,85.497 136.346,86.039 138.216 C 86.233 138.886,87.203 140.207,88.196 141.153 C 89.188 142.098,90.000 143.104,90.000 143.388 C 90.000 144.337,92.129 148.594,92.869 149.123 C 93.271 149.410,93.600 149.831,93.600 150.059 C 93.600 150.286,93.932 150.771,94.337 151.136 C 94.743 151.501,95.598 153.004,96.237 154.475 C 96.877 155.947,97.760 157.351,98.200 157.596 C 98.640 157.841,99.900 159.943,101.000 162.267 C 102.207 164.817,103.327 166.644,103.825 166.876 C 104.278 167.087,105.065 168.101,105.573 169.130 C 107.658 173.348,108.097 174.093,110.006 176.647 C 111.103 178.114,112.000 179.725,112.000 180.227 C 112.000 181.048,113.425 183.163,114.678 184.200 C 115.295 184.711,117.396 188.733,117.720 190.022 C 117.855 190.562,118.603 191.633,119.381 192.402 C 120.160 193.171,121.496 195.258,122.351 197.039 C 123.206 198.820,124.167 200.378,124.487 200.501 C 124.807 200.624,125.953 202.496,127.034 204.662 C 128.114 206.828,129.676 209.299,130.505 210.153 C 131.333 211.007,132.124 212.177,132.262 212.753 C 132.618 214.239,134.291 217.048,136.288 219.5
" href="/">YannStatic</a></div><!--<button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button>--><!-- <li><button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button></li> -->
<!-- Champ de recherche -->
<div id="searchbox" class="search search--dark" style="visibility: visible">
<div class="main">
<div class="search__header"></div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<!-- <div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div> -->
</div>
</div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '<li><a href="https://static.rnmkcy.eu{url}">{date}&nbsp;{title}</a></li>'
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a></li>'
})
</script>
<!-- Fin déclaration champ de recherche --></div><nav class="navigation">
<ul><li class="navigation__item"><a href="/archive.html">Etiquettes</a></li><li class="navigation__item"><a href="/htmldoc.html">Documents</a></li><li class="navigation__item"><a href="/liens_ttrss.html">Liens</a></li><li class="navigation__item"><a href="/aide-jekyll-text-theme.html">Aide</a></li></ul>
</nav></div>
</header>
</div><div class="page__content"><div class ="main"><div class="grid grid--reverse">
<div class="col-main cell cell--auto"><!-- start custom main top snippet --><div id="results-container" class="search-result js-search-result"></div><!-- end custom main top snippet -->
<article itemscope itemtype="http://schema.org/Article"><div class="article__header"><header><h1 style="color:Tomato;">TEST VM EndeavourOS avec chiffrement complet du disque LVM sur LUKS</h1></header></div><meta itemprop="headline" content="TEST VM EndeavourOS avec chiffrement complet du disque LVM sur LUKS"><div class="article__info clearfix"><ul class="left-col menu"><li>
<a class="button button--secondary button--pill button--sm"
href="/archive.html?tag=virtuel">virtuel</a>
</li><li>
<a class="button button--secondary button--pill button--sm"
href="/archive.html?tag=chiffrement">chiffrement</a>
</li><li>
<a class="button button--secondary button--pill button--sm"
href="/archive.html?tag=lvm">lvm</a>
</li></ul><ul class="right-col menu"><li>
<i class="far fa-calendar-alt"></i>&nbsp;<span title="Création" style="color:#FF00FF">26&nbsp;oct.&nbsp;&nbsp;2022</span>
<span title="Modification" style="color:#00FF7F">15&nbsp;déc.&nbsp;&nbsp;2023</span></li></ul></div><meta itemprop="datePublished" content="2023-12-15T00:00:00+01:00">
<meta itemprop="keywords" content="virtuel,chiffrement,lvm"><div class="js-article-content">
<div class="layout--article"><!-- start custom article top snippet -->
<style>
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
</style>
<button onclick="topFunction()" id="myBtn" title="Haut de page">&#8679;</button>
<script>
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
</script>
<!-- end custom article top snippet -->
<div class="article__content" itemprop="articleBody"><details>
<summary><b>Afficher/cacher Sommaire</b></summary>
<!-- affichage sommaire -->
<div class="toc-aside js-toc-root"></div>
</details><p><strong>LUKS</strong> est un format standard sur disque pour le chiffrement des disques durs. Il utilise le chiffrage par mappeur de périphérique (dm-crypt) et est implémenté en tant que module du noyau pour gérer le chiffrage au niveau du périphérique de bloc.<br />
<strong>LVM</strong> est un outil de gestion des volumes logiques qui comprend lallocation de disques, le striping, le mirroring et le redimensionnement des volumes logiques.</p>
<p><strong>LUKS</strong> peut être utilisé avec <strong>LVM</strong> pour créer des volumes extensibles/chiffrés. Lune des options les plus robustes et les plus extensibles consiste à créer un volume chiffré à lintérieur dun volume logique.</p>
<ul>
<li>créez un groupe de volumes LVM dun ou plusieurs disques</li>
<li>utiliser le groupe de volumes pour créer des volumes logiques LVM</li>
<li>appliquer le chiffrage au système de fichiers des volumes logiques LVM</li>
</ul>
<p><em>Lutilisation dun volume logique permet de monter les disques au démarrage et peut être étendu dynamiquement sans sacrifier la sécurité.</em></p>
<p><img src="/images/vmm-logo.png" alt="" height="100" /><br />
<img src="/images/EndeavourOS_Logo.png" alt="" height="100" /> <img src="/images/luks-logo-blanc.png" alt="" /></p>
<h2 id="endeavouros---installation-chiffrée-luks-sur-lvm">EndeavourOS - Installation chiffrée LUKS sur LVM</h2>
<p>Chiffrement complet du disque : <a href="https://fr.wikipedia.org/wiki/Gestion_par_volumes_logiques">LVM</a><strong>on</strong><a href="https://fr.wikipedia.org/wiki/LUKS">LUKS</a> avec une partition daccueil (home) séparée et hibernation avec un fichier déchange (swap)</p>
<blockquote>
<p>Remarque : Si vous navez pas nécessairement besoin dune partition home séparée, le tutoriel fourni dans larticle du wiki “<a href="https://discovery.endeavouros.com/encrypted-installation/encrypted-installation/2021/03/">Encrypted installation</a>” peut suffire. À lexception de la création du fichier déchange, il repose entièrement sur les outils graphiques .</p>
</blockquote>
<p>Ce que vous obtiendrez au final :</p>
<ul>
<li>LVMonLUKS - partition unique entièrement chiffrée LUKS contenant deux volumes logiques (partitions « virtuelles »)
<ul>
<li>(1) un volume logique (lv) contenant un système de fichiers ext4 avec /boot, /root</li>
<li>(2) un lv séparé (ext4) pour /home</li>
</ul>
</li>
<li>espace libre facultatif dans le groupe de volumes pour contenir des <a href="https://wiki.archlinux.org/index.php/LVM#Snapshots">instantanés lvm</a> et/ou éventuellement <a href="https://wiki.archlinux.org/index.php/LVM#Resizing_the_logical_volume_and_file_system_separately">étendre/réduire</a> les volumes logiques ultérieurement</li>
<li>fichier déchange, avec la possibilité dhiberner</li>
</ul>
<p class="info">Ce qui suit est un tutoriel sur la configuration de ce type de système à laide de calamares (linstallateur EOS) et du cli.</p>
<h3 id="prérequis">Prérequis</h3>
<p>Pour une installation dans un environnement virtuel, créer en ligne de commande un disque : <code class="language-plaintext highlighter-rouge">qemu-img create -f qcow2 eos-lvm-luks.qcow2 30G</code> dans la zone de travail <code class="language-plaintext highlighter-rouge">~/virtuel/KVM/</code></p>
<details>
<summary><b>Etendre Réduire le fichier xml de base pour VMM</b></summary>
<figure class="highlight"><pre><code class="language-xml" data-lang="xml">
<span class="nt">&lt;domain</span> <span class="na">type=</span><span class="s">"kvm"</span><span class="nt">&gt;</span>
<span class="nt">&lt;name&gt;</span>archlinux<span class="nt">&lt;/name&gt;</span>
<span class="nt">&lt;uuid&gt;</span>f6320546-6afe-4b28-8982-935aac9e4f84<span class="nt">&lt;/uuid&gt;</span>
<span class="nt">&lt;title&gt;</span>EndeavourOS chiffr<span class="ni">&amp;#xE9;</span> LUKS2<span class="nt">&lt;/title&gt;</span>
<span class="nt">&lt;description&gt;</span>FlouseTypon
eos/eos49<span class="nt">&lt;/description&gt;</span>
<span class="nt">&lt;metadata&gt;</span>
<span class="nt">&lt;libosinfo:libosinfo</span> <span class="na">xmlns:libosinfo=</span><span class="s">"http://libosinfo.org/xmlns/libvirt/domain/1.0"</span><span class="nt">&gt;</span>
<span class="nt">&lt;libosinfo:os</span> <span class="na">id=</span><span class="s">"http://archlinux.org/archlinux/rolling"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/libosinfo:libosinfo&gt;</span>
<span class="nt">&lt;/metadata&gt;</span>
<span class="nt">&lt;memory</span> <span class="na">unit=</span><span class="s">"KiB"</span><span class="nt">&gt;</span>4194304<span class="nt">&lt;/memory&gt;</span>
<span class="nt">&lt;currentMemory</span> <span class="na">unit=</span><span class="s">"KiB"</span><span class="nt">&gt;</span>4194304<span class="nt">&lt;/currentMemory&gt;</span>
<span class="nt">&lt;memoryBacking&gt;</span>
<span class="nt">&lt;source</span> <span class="na">type=</span><span class="s">"memfd"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;access</span> <span class="na">mode=</span><span class="s">"shared"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/memoryBacking&gt;</span>
<span class="nt">&lt;vcpu</span> <span class="na">placement=</span><span class="s">"static"</span><span class="nt">&gt;</span>2<span class="nt">&lt;/vcpu&gt;</span>
<span class="nt">&lt;os</span> <span class="na">firmware=</span><span class="s">"efi"</span><span class="nt">&gt;</span>
<span class="nt">&lt;type</span> <span class="na">arch=</span><span class="s">"x86_64"</span> <span class="na">machine=</span><span class="s">"pc-q35-8.1"</span><span class="nt">&gt;</span>hvm<span class="nt">&lt;/type&gt;</span>
<span class="nt">&lt;firmware&gt;</span>
<span class="nt">&lt;feature</span> <span class="na">enabled=</span><span class="s">"no"</span> <span class="na">name=</span><span class="s">"enrolled-keys"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;feature</span> <span class="na">enabled=</span><span class="s">"yes"</span> <span class="na">name=</span><span class="s">"secure-boot"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/firmware&gt;</span>
<span class="nt">&lt;loader</span> <span class="na">readonly=</span><span class="s">"yes"</span> <span class="na">secure=</span><span class="s">"yes"</span> <span class="na">type=</span><span class="s">"pflash"</span><span class="nt">&gt;</span>/usr/share/edk2/x64/OVMF_CODE.secboot.4m.fd<span class="nt">&lt;/loader&gt;</span>
<span class="nt">&lt;nvram</span> <span class="na">template=</span><span class="s">"/usr/share/edk2/x64/OVMF_VARS.4m.fd"</span><span class="nt">&gt;</span>/var/lib/libvirt/qemu/nvram/archlinux_VARS.fd<span class="nt">&lt;/nvram&gt;</span>
<span class="nt">&lt;/os&gt;</span>
<span class="nt">&lt;features&gt;</span>
<span class="nt">&lt;acpi/&gt;</span>
<span class="nt">&lt;apic/&gt;</span>
<span class="nt">&lt;vmport</span> <span class="na">state=</span><span class="s">"off"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;smm</span> <span class="na">state=</span><span class="s">"on"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/features&gt;</span>
<span class="nt">&lt;cpu</span> <span class="na">mode=</span><span class="s">"host-passthrough"</span> <span class="na">check=</span><span class="s">"none"</span> <span class="na">migratable=</span><span class="s">"on"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;clock</span> <span class="na">offset=</span><span class="s">"utc"</span><span class="nt">&gt;</span>
<span class="nt">&lt;timer</span> <span class="na">name=</span><span class="s">"rtc"</span> <span class="na">tickpolicy=</span><span class="s">"catchup"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;timer</span> <span class="na">name=</span><span class="s">"pit"</span> <span class="na">tickpolicy=</span><span class="s">"delay"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;timer</span> <span class="na">name=</span><span class="s">"hpet"</span> <span class="na">present=</span><span class="s">"no"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/clock&gt;</span>
<span class="nt">&lt;on_poweroff&gt;</span>destroy<span class="nt">&lt;/on_poweroff&gt;</span>
<span class="nt">&lt;on_reboot&gt;</span>restart<span class="nt">&lt;/on_reboot&gt;</span>
<span class="nt">&lt;on_crash&gt;</span>destroy<span class="nt">&lt;/on_crash&gt;</span>
<span class="nt">&lt;pm&gt;</span>
<span class="nt">&lt;suspend-to-mem</span> <span class="na">enabled=</span><span class="s">"no"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;suspend-to-disk</span> <span class="na">enabled=</span><span class="s">"no"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/pm&gt;</span>
<span class="nt">&lt;devices&gt;</span>
<span class="nt">&lt;emulator&gt;</span>/usr/bin/qemu-system-x86_64<span class="nt">&lt;/emulator&gt;</span>
<span class="nt">&lt;disk</span> <span class="na">type=</span><span class="s">"file"</span> <span class="na">device=</span><span class="s">"disk"</span><span class="nt">&gt;</span>
<span class="nt">&lt;driver</span> <span class="na">name=</span><span class="s">"qemu"</span> <span class="na">type=</span><span class="s">"qcow2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;source</span> <span class="na">file=</span><span class="s">"/home/yann/virtuel/KVM/eos-lvm-luks.qcow2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">dev=</span><span class="s">"vda"</span> <span class="na">bus=</span><span class="s">"virtio"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;boot</span> <span class="na">order=</span><span class="s">"2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x04"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/disk&gt;</span>
<span class="nt">&lt;disk</span> <span class="na">type=</span><span class="s">"file"</span> <span class="na">device=</span><span class="s">"cdrom"</span><span class="nt">&gt;</span>
<span class="nt">&lt;driver</span> <span class="na">name=</span><span class="s">"qemu"</span> <span class="na">type=</span><span class="s">"raw"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;source</span> <span class="na">file=</span><span class="s">"/home/yann/iso/endeavouros/Endeavouros-Galileo-11-2023.iso"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">dev=</span><span class="s">"sda"</span> <span class="na">bus=</span><span class="s">"sata"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;readonly/&gt;</span>
<span class="nt">&lt;boot</span> <span class="na">order=</span><span class="s">"1"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"drive"</span> <span class="na">controller=</span><span class="s">"0"</span> <span class="na">bus=</span><span class="s">"0"</span> <span class="na">target=</span><span class="s">"0"</span> <span class="na">unit=</span><span class="s">"0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/disk&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"usb"</span> <span class="na">index=</span><span class="s">"0"</span> <span class="na">model=</span><span class="s">"qemu-xhci"</span> <span class="na">ports=</span><span class="s">"15"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x02"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"0"</span> <span class="na">model=</span><span class="s">"pcie-root"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"1"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"1"</span> <span class="na">port=</span><span class="s">"0x10"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x0"</span> <span class="na">multifunction=</span><span class="s">"on"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"2"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"2"</span> <span class="na">port=</span><span class="s">"0x11"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x1"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"3"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"3"</span> <span class="na">port=</span><span class="s">"0x12"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"4"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"4"</span> <span class="na">port=</span><span class="s">"0x13"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x3"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"5"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"5"</span> <span class="na">port=</span><span class="s">"0x14"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x4"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"6"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"6"</span> <span class="na">port=</span><span class="s">"0x15"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x5"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"7"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"7"</span> <span class="na">port=</span><span class="s">"0x16"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x6"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"8"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"8"</span> <span class="na">port=</span><span class="s">"0x17"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x02"</span> <span class="na">function=</span><span class="s">"0x7"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"9"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"9"</span> <span class="na">port=</span><span class="s">"0x18"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x03"</span> <span class="na">function=</span><span class="s">"0x0"</span> <span class="na">multifunction=</span><span class="s">"on"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"10"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"10"</span> <span class="na">port=</span><span class="s">"0x19"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x03"</span> <span class="na">function=</span><span class="s">"0x1"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"11"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"11"</span> <span class="na">port=</span><span class="s">"0x1a"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x03"</span> <span class="na">function=</span><span class="s">"0x2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"12"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"12"</span> <span class="na">port=</span><span class="s">"0x1b"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x03"</span> <span class="na">function=</span><span class="s">"0x3"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"13"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"13"</span> <span class="na">port=</span><span class="s">"0x1c"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x03"</span> <span class="na">function=</span><span class="s">"0x4"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">index=</span><span class="s">"14"</span> <span class="na">model=</span><span class="s">"pcie-root-port"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"pcie-root-port"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">chassis=</span><span class="s">"14"</span> <span class="na">port=</span><span class="s">"0x1d"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x03"</span> <span class="na">function=</span><span class="s">"0x5"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"sata"</span> <span class="na">index=</span><span class="s">"0"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x1f"</span> <span class="na">function=</span><span class="s">"0x2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;controller</span> <span class="na">type=</span><span class="s">"virtio-serial"</span> <span class="na">index=</span><span class="s">"0"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x03"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/controller&gt;</span>
<span class="nt">&lt;filesystem</span> <span class="na">type=</span><span class="s">"mount"</span> <span class="na">accessmode=</span><span class="s">"passthrough"</span><span class="nt">&gt;</span>
<span class="nt">&lt;driver</span> <span class="na">type=</span><span class="s">"virtiofs"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;source</span> <span class="na">dir=</span><span class="s">"/srv/media"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;target</span> <span class="na">dir=</span><span class="s">"media_tag"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x07"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/filesystem&gt;</span>
<span class="nt">&lt;interface</span> <span class="na">type=</span><span class="s">"bridge"</span><span class="nt">&gt;</span>
<span class="nt">&lt;mac</span> <span class="na">address=</span><span class="s">"52:54:00:64:59:ce"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;source</span> <span class="na">bridge=</span><span class="s">"br0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;model</span> <span class="na">type=</span><span class="s">"virtio"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x01"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/interface&gt;</span>
<span class="nt">&lt;serial</span> <span class="na">type=</span><span class="s">"pty"</span><span class="nt">&gt;</span>
<span class="nt">&lt;target</span> <span class="na">type=</span><span class="s">"isa-serial"</span> <span class="na">port=</span><span class="s">"0"</span><span class="nt">&gt;</span>
<span class="nt">&lt;model</span> <span class="na">name=</span><span class="s">"isa-serial"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/target&gt;</span>
<span class="nt">&lt;/serial&gt;</span>
<span class="nt">&lt;console</span> <span class="na">type=</span><span class="s">"pty"</span><span class="nt">&gt;</span>
<span class="nt">&lt;target</span> <span class="na">type=</span><span class="s">"serial"</span> <span class="na">port=</span><span class="s">"0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/console&gt;</span>
<span class="nt">&lt;channel</span> <span class="na">type=</span><span class="s">"unix"</span><span class="nt">&gt;</span>
<span class="nt">&lt;target</span> <span class="na">type=</span><span class="s">"virtio"</span> <span class="na">name=</span><span class="s">"org.qemu.guest_agent.0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"virtio-serial"</span> <span class="na">controller=</span><span class="s">"0"</span> <span class="na">bus=</span><span class="s">"0"</span> <span class="na">port=</span><span class="s">"1"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/channel&gt;</span>
<span class="nt">&lt;channel</span> <span class="na">type=</span><span class="s">"spicevmc"</span><span class="nt">&gt;</span>
<span class="nt">&lt;target</span> <span class="na">type=</span><span class="s">"virtio"</span> <span class="na">name=</span><span class="s">"com.redhat.spice.0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"virtio-serial"</span> <span class="na">controller=</span><span class="s">"0"</span> <span class="na">bus=</span><span class="s">"0"</span> <span class="na">port=</span><span class="s">"2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/channel&gt;</span>
<span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"tablet"</span> <span class="na">bus=</span><span class="s">"usb"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"usb"</span> <span class="na">bus=</span><span class="s">"0"</span> <span class="na">port=</span><span class="s">"1"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/input&gt;</span>
<span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"mouse"</span> <span class="na">bus=</span><span class="s">"ps2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"keyboard"</span> <span class="na">bus=</span><span class="s">"ps2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;graphics</span> <span class="na">type=</span><span class="s">"spice"</span> <span class="na">autoport=</span><span class="s">"yes"</span><span class="nt">&gt;</span>
<span class="nt">&lt;listen</span> <span class="na">type=</span><span class="s">"address"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;image</span> <span class="na">compression=</span><span class="s">"off"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/graphics&gt;</span>
<span class="nt">&lt;sound</span> <span class="na">model=</span><span class="s">"ich9"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x1b"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/sound&gt;</span>
<span class="nt">&lt;audio</span> <span class="na">id=</span><span class="s">"1"</span> <span class="na">type=</span><span class="s">"spice"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;video&gt;</span>
<span class="nt">&lt;model</span> <span class="na">type=</span><span class="s">"virtio"</span> <span class="na">heads=</span><span class="s">"1"</span> <span class="na">primary=</span><span class="s">"yes"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x00"</span> <span class="na">slot=</span><span class="s">"0x01"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/video&gt;</span>
<span class="nt">&lt;redirdev</span> <span class="na">bus=</span><span class="s">"usb"</span> <span class="na">type=</span><span class="s">"spicevmc"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"usb"</span> <span class="na">bus=</span><span class="s">"0"</span> <span class="na">port=</span><span class="s">"2"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/redirdev&gt;</span>
<span class="nt">&lt;redirdev</span> <span class="na">bus=</span><span class="s">"usb"</span> <span class="na">type=</span><span class="s">"spicevmc"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"usb"</span> <span class="na">bus=</span><span class="s">"0"</span> <span class="na">port=</span><span class="s">"3"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/redirdev&gt;</span>
<span class="nt">&lt;watchdog</span> <span class="na">model=</span><span class="s">"itco"</span> <span class="na">action=</span><span class="s">"reset"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;memballoon</span> <span class="na">model=</span><span class="s">"virtio"</span><span class="nt">&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x05"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/memballoon&gt;</span>
<span class="nt">&lt;rng</span> <span class="na">model=</span><span class="s">"virtio"</span><span class="nt">&gt;</span>
<span class="nt">&lt;backend</span> <span class="na">model=</span><span class="s">"random"</span><span class="nt">&gt;</span>/dev/urandom<span class="nt">&lt;/backend&gt;</span>
<span class="nt">&lt;address</span> <span class="na">type=</span><span class="s">"pci"</span> <span class="na">domain=</span><span class="s">"0x0000"</span> <span class="na">bus=</span><span class="s">"0x06"</span> <span class="na">slot=</span><span class="s">"0x00"</span> <span class="na">function=</span><span class="s">"0x0"</span><span class="nt">/&gt;</span>
<span class="nt">&lt;/rng&gt;</span>
<span class="nt">&lt;/devices&gt;</span>
<span class="nt">&lt;/domain&gt;</span></code></pre></figure>
</details>
<h3 id="installation-via-usb-live">Installation via USB LIVE</h3>
<p>Démarrage avec la clé USB insérée dans le portable DELL Latitude e6230 et appui sur F12 pour un accès au menu<br />
Choisir UEFI specific storage</p>
<p>Vous arrivez sur la page de sélection<br />
<img src="/images/endos0001.png" alt="" width="400" /><br />
Valider le choix par défaut</p>
<p>Changer le clavier en FR<br />
<img src="/images/endos0001a.png" alt="" width="600" /><br />
<img src="/images/endos0001b.png" alt="" width="400" /><br />
<img src="/images/endos0001c.png" alt="" width="200" /><br />
Supprimer <strong>English(US)</strong> pour ne garder que <strong>French</strong> et <strong>Close</strong></p>
<p>Ouvrir un <strong>Terminal Emulator</strong> dans le live endeavour<br />
<img src="/images/endos0001d.png" alt="" width="600" /></p>
<h3 id="partionner-un-disque">Partionner un disque</h3>
<p>en mode su</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
</code></pre></div></div>
<p>Le disque : <code class="language-plaintext highlighter-rouge">lsblk</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 1.7G 1 loop /run/archiso/airootfs
sr0 11:0 1 1.9G 0 rom /run/archiso/bootmnt
vda 254:0 0 30G 0 disk
</code></pre></div></div>
<p>On partitionne un disque en 3 avec <code class="language-plaintext highlighter-rouge">gdisk</code></p>
<ul>
<li>Partition 1 : 512M EFI (code ef00) système de fichier FAT32</li>
<li>Partition 2 : 22G LVM (code 8e00) système de fichier EXT4</li>
<li>Partition restante pour Installation temporaire (8Go)</li>
</ul>
<p>Zapper le disque,</p>
<p>(<strong>Attention</strong> Ceci effacera de manière irréversible toutes les données de votre disque, veuillez sauvegarder toutes les données importantes) :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sgdisk --zap-all /dev/vda
# OU
wipefs -a /dev/vda
</code></pre></div></div>
<p>Créer une table de partition GPT à laide de la commande <code class="language-plaintext highlighter-rouge">sgdisk</code> :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sgdisk --clear --new=1:0:+512MiB --typecode=1:ef00 --new=2:0:+22G --typecode=2:8e00 /dev/vda
</code></pre></div></div>
<p>Résultat</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Creating new GPT entries in memory.
The operation has completed successfully.
</code></pre></div></div>
<p>Format la partition EFI</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkfs.fat -F32 /dev/vda1
</code></pre></div></div>
<h3 id="installer-endeavouros-sur-une-partition-temporaire">Installer EndeavourOS sur une partition temporaire</h3>
<p>Lancer linstallation<br />
<img src="/images/vmm-eos01.png" alt="" width="600" /><br />
<img src="/images/vmm-eos02.png" alt="" width="600" /><br />
<img src="/images/vmm-eos03.png" alt="" width="600" /><br />
<img src="/images/vmm-eos04.png" alt="" width="600" /><br />
<img src="/images/vmm-eos05.png" alt="" width="600" /><br />
<img src="/images/vmm-eos06.png" alt="" width="600" /><br />
<img src="/images/vmm-eos07.png" alt="" width="600" /><br />
<img src="/images/vmm-eos08.png" alt="" width="600" /><br />
<img src="/images/vmm-eos09.png" alt="" width="600" /></p>
<p><img src="/images/vmm-eos10.png" alt="" width="600" /><br />
<img src="/images/vmm-eos11.png" alt="" width="600" /><br />
<img src="/images/vmm-eos12.png" alt="" width="600" /><br />
<img src="/images/vmm-eos.png" alt="" width="600" /><br />
<img src="/images/vmm-eos.png" alt="" width="600" /></p>
<p>eos-vm<br />
eos/eos49<br />
Même MP admin</p>
<p>Une fois linstallation terminée, **Redémarrer et tester ** si vous pouvez accéder au système crypté.
Vous devriez maintenant avoir un système crypté LUKS (sans les trucs amusants comme les volumes logiques, la partition /home séparée, etc.).</p>
<h3 id="redémarrer-avec-le-cd-live">Redémarrer avec le CD Live</h3>
<p>Basculer en FR et ouvrir un terminal</p>
<p>Pour un accès sur la machine via SSH<br />
Lancer le service : <code class="language-plaintext highlighter-rouge">sudo systemctl start sshd</code><br />
Ouvrir le port 22 firewall: <code class="language-plaintext highlighter-rouge">sudo firewall-cmd --zone=public --add-port=22/tcp --permanent</code><br />
Créer un mot de passe à liveuser : <code class="language-plaintext highlighter-rouge">passwd liveuser</code>
Relever ladresse ip de la machine : <code class="language-plaintext highlighter-rouge">ip a</code></p>
<h3 id="configurer-le-nouveau-système-lvmonluks">Configurer le nouveau système LVMonLUKS</h3>
<h3 id="convertir-déchiffrer-et-monter-le-système-temporaire">Convertir Déchiffrer et monter le système temporaire</h3>
<p>Dans lenvironnement live-CD, ouvrir un Terminal ,basculer en mode su</p>
<p>Conversion chiffrement luks2 du système temporaire chiffré /dev/vda3 (luks1)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup convert /dev/vda3 --type luks2
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>WARNING!
========
This operation will convert /dev/vda3 to LUKS2 format.
Are you sure? (Type 'yes' in capital letters): YES
</code></pre></div></div>
<p>Confirmer par la saisie YES</p>
<p>Saisir (ou marquer et copier la ligne avec ctrl-c et coller dans le terminal avec shift-ctrl-v )</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup luksOpen /dev/vda3 crypttemp <span class="c"># saisir la phrase mot de passe de l'installation</span>
<span class="nb">mkdir</span> <span class="nt">-p</span> /media/crypttemp
mount /dev/mapper/crypttemp /media/crypttemp
</code></pre></div></div>
<p>Nos données dinstallation temporaires sont désormais accessibles sous <code class="language-plaintext highlighter-rouge">/media/crypttemp</code> et peuvent être copiées sur le nouveau système que nous allons mettre en place dans les prochaines étapes.</p>
<h3 id="configurer-le-nouveau-système-lvmonluks-1">Configurer le nouveau système LVMonLUKS</h3>
<p>Chiffrer la partition /dev/vda2</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup luksFormat <span class="nt">--type</span> luks2 /dev/vda2
</code></pre></div></div>
<p>Une demande de confirmation est exigée</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>WARNING!
========
This will overwrite data on /dev/vda2 irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/vda2:
Verify passphrase:
</code></pre></div></div>
<p>Choisissez un mot de passe sécurisé ( <a href="https://xkcd.com/936/">https://xkcd.com/936/</a> )<br />
Ouvrir la partition chiffrée</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup luksOpen /dev/vda2 crypt
<span class="c"># Enter passphrase for /dev/vda2:</span>
pvcreate /dev/mapper/crypt
<span class="c"># Physical volume "/dev/mapper/crypt" successfully created.</span>
vgcreate vg0 /dev/mapper/crypt
<span class="c"># Volume group "vg0" successfully created</span>
</code></pre></div></div>
<p>Disque virtuel de 30G, Partition libre 22G</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lvcreate <span class="nt">-L</span> 17G vg0 <span class="nt">-n</span> lvroot
<span class="c"># Logical volume "lvroot" created.</span>
lvcreate <span class="nt">--extents</span> 100%FREE vg0 <span class="nt">-n</span> lvhome
<span class="c"># Logical volume "lvhome" created.</span>
</code></pre></div></div>
<p>Créez un système de fichiers ext4 sur les volumes logiques.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkfs.ext4 <span class="nt">-L</span> root /dev/mapper/vg0-lvroot
mkfs.ext4 <span class="nt">-L</span> home /dev/mapper/vg0-lvhome
</code></pre></div></div>
<h3 id="monter-le-nouveau-système-sur-mnt">Monter le nouveau système sur /mnt</h3>
<p>Monter le nouveau système sur <code class="language-plaintext highlighter-rouge">/mnt</code> pour les systèmes UEFI</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mount /dev/mapper/vg0-lvroot /mnt
<span class="nb">mkdir</span> <span class="nt">-p</span> /mnt/home
mount /dev/mapper/vg0-lvhome /mnt/home
<span class="nb">mkdir</span> <span class="nt">-p</span> /mnt/efi
mount /dev/vda1 /mnt/efi
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lsblk
</code></pre></div></div>
<p>devrait maintenant fournir une sortie similaire à la suivante (ignorez les tailles, celles-ci proviennent dune installation de test) …</p>
<p>pour les systèmes UEFI :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 1.7G 1 loop /run/archiso/airootfs
sr0 11:0 1 1.9G 0 rom /run/archiso/bootmnt
vda 254:0 0 30G 0 disk
├─vda1 254:1 0 512M 0 part /mnt/efi
├─vda2 254:2 0 22G 0 part
│ └─crypt 253:1 0 22G 0 crypt
│ ├─vg0-lvroot 253:2 0 17G 0 lvm /mnt
│ └─vg0-lvhome 253:3 0 5G 0 lvm /mnt/home
└─vda3 254:3 0 7.5G 0 part
└─crypttemp 253:0 0 7.5G 0 crypt /media/crypttemp
</code></pre></div></div>
<h3 id="copier-le-système-temporaire">Copier le système temporaire</h3>
<p>pour vider les nouveaux points de montage</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rsync -avA /media/crypttemp/ /mnt
</code></pre></div></div>
<p><em>Veuillez patienter quelques minutes</em></p>
<h3 id="démonter-le-système-temporaire">Démonter le système temporaire</h3>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>umount /media/crypttemp
cryptsetup luksClose crypttemp
</code></pre></div></div>
<h3 id="ajouter-un-fichier-de-clé-existant-luks">Ajouter un fichier de clé existant LUKS</h3>
<p>Nous allons maintenant ajouter une deuxième clé saisie à la création chiffrement sur /dev/vda2<br />
Nous ferons référence à cette clé à létape suivante.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup luksAddKey /dev/vda2 /mnt/crypto_keyfile.bin
</code></pre></div></div>
<p>Il faut saisir le phrase mot de passe</p>
<h3 id="configurer-crypttab">Configurer “crypttab”</h3>
<p>Configuration <code class="language-plaintext highlighter-rouge">/etc/crypttab</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup luksUUID /dev/vda2
</code></pre></div></div>
<p>renvoie <strong>5510b187-f57c-41f5-b975-0605e35788c2</strong><br />
Votre UUID sera différent, alors <u>**assurez-vous d'utiliser votre UUID à l'étape suivante !**</u></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /mnt/etc/crypttab
</code></pre></div></div>
<p>contient une ligne non commentée commençant par <code class="language-plaintext highlighter-rouge">luks-</code><br />
Remplacez cette ligne par la suivante ; <u>**n'oubliez pas d' utiliser votre UUID**</u></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptlvm UUID=5510b187-f57c-41f5-b975-0605e35788c2 /crypto_keyfile.bin luks
</code></pre></div></div>
<p>Sauvegarder et quitter.</p>
<h3 id="basculer-en-chroot">Basculer en chroot</h3>
<p>Passer en chroot</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>arch-chroot /mnt
</code></pre></div></div>
<h3 id="configurer-fstab">Configurer “fstab”</h3>
<p>Configurer /etc/fstab</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>blkid -s UUID -o value /dev/mapper/vg0-lvroot
</code></pre></div></div>
<p>renvoie lUUID du volume racine : <strong>1bcc7b90-94f1-4bee-94ec-cd530c16cf52</strong>.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>blkid -s UUID -o value /dev/mapper/vg0-lvhome
</code></pre></div></div>
<p>renvoie lUUID du volume daccueil : <strong>82717601-58fb-4316-a362-408cd3161c06</strong>.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/fstab
</code></pre></div></div>
<p>contient une ligne commençant par <code class="language-plaintext highlighter-rouge">/dev/mapper/luks-</code><br />
<strong>Supprimez</strong> cette ligne et ajoutez ce qui suit (<u>**n'oubliez pas d' utiliser vos UUID**</u>)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>UUID=1bcc7b90-94f1-4bee-94ec-cd530c16cf52 / ext4 defaults,acl,noatime,discard 0 0
UUID=82717601-58fb-4316-a362-408cd3161c06 /home ext4 defaults,acl,noatime,discard 0 0
</code></pre></div></div>
<p>Sauvegarder et quitter.</p>
<h3 id="ajout-fichier-échange-option">Ajout fichier échange (OPTION)</h3>
<p>Utilisez dd pour créer un fichier déchange de la taille de votre choix.<br />
Création dun fichier déchange de 1024 Mo (pour tous les systèmes de fichiers)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dd if=/dev/zero of=/swapfile bs=1M count=1024 status=progress
</code></pre></div></div>
<p>Remplacez <code class="language-plaintext highlighter-rouge">count=1024</code> par la quantité de Mo que vous souhaitez installer pour lutilisation du fichier déchange :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod 600 /swapfile
</code></pre></div></div>
<p>Pour donner au fichier déchange des permissions de racine seulement.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkswap /swapfile
</code></pre></div></div>
<p>Pour faire du fichier un espace de pagination et enfin pour activer le fichier :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>swapon /swapfile
</code></pre></div></div>
<p>Modifier /etc/fstab pour activer le fichier déchange</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/fstab
</code></pre></div></div>
<p>Ajoutez la ligne suivante…</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/swapfile none swap defaults,pri=-2 0 0
</code></pre></div></div>
<p>Sauvegarder et quitter.</p>
<blockquote>
<p>Remarque : le fichier déchange doit être spécifié par son emplacement sur le système de fichiers, et non par son UUID ou son LABEL.</p>
</blockquote>
<p>pour vérifier :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>swapon --show
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>NAME TYPE SIZE USED PRIO
/swapfile file 1024M 0B -2
</code></pre></div></div>
<h3 id="modifier-les-options-du-noyau">Modifier les options du noyau</h3>
<p>Dans <strong>systemd-boot</strong>, vous éditez le fichier dentrée approprié qui se trouve sur votre partition EFI dans le répertoire <code class="language-plaintext highlighter-rouge">loader/entries</code><br />
Chaque entrée est une option de démarrage dans le menu et chacune a une ligne appelée options. Vous pouvez modifier ces entrées directement, mais ces changements peuvent être écrasés lors de linstallation ou de la mise à jour de paquets.</p>
<p>Pour effectuer les changements, au lieu de modifier les entrées, modifiez le fichier <code class="language-plaintext highlighter-rouge">/etc/kernel/cmdline</code> qui est un fichier dune ligne contenant une liste doptions du noyau.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/kernel/cmdline
</code></pre></div></div>
<p>UUID de /dev/vda2 : <code class="language-plaintext highlighter-rouge">blkid -s UUID -o value /dev/vda2</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nvme_load=YES nowatchdog rw rd.luks.uuid=5510b187-f57c-41f5-b975-0605e35788c2 root=/dev/mapper/vg0-lvroot
</code></pre></div></div>
<p>Exécutez ensuite <code class="language-plaintext highlighter-rouge">sudo reinstall-kernels</code> qui remplira les entrées et régénérera les initrds.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>reinstall-kernels
</code></pre></div></div>
<h3 id="sortie-du-chroot">Sortie du chroot</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>exit
</code></pre></div></div>
<h3 id="redémarrer">Redémarrer</h3>
<p>Retirer le cd live</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>reboot
</code></pre></div></div>
<blockquote>
<p>FINI! Vous devriez maintenant avoir un système LVMonLUKS fonctionnel avec un volume logique séparé pour /home.</p>
</blockquote>
<h3 id="tester-le-nouveau-système-lvmonluks-chiffré">Tester le nouveau système LVMonLUKS chiffré</h3>
<p>Dans le boot, saisir la phrase de passe pour déchiffrer le disque<br />
<img src="/images/eos-chiffre-d.png" alt="" /></p>
<p>Puis on arrive sur la pade de connexion<br />
<img src="/images/eos-chiffre-e.png" alt="" /></p>
<h2 id="ajouter-la-partition-temporaire-à-la-partition-chiffrée-facultatif">Ajouter la partition temporaire à la partition chiffrée (FACULTATIF)</h2>
<p>Vous pouvez simplement reformater /dev/vda3 et lutiliser comme stockage non chiffré, mais ici, nous allons récupérer lespace et lattribuer, par exemple, à notre volume personnel.</p>
<p>Redémarrez dans lenvironnement Live-Cd.</p>
<p>Ouvrir un terminal en mode su</p>
<h3 id="supprimer-vda3-installation-temporaire-endeavouros">Supprimer vda3 (installation temporaire EndeavourOS)</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>fdisk -l
</code></pre></div></div>
<p>affiche des informations concernant nos disques et partitions.</p>
<p>Nous allons maintenant supprimer /dev/vda3. Entrez simplement les caractères ci-dessous dans lordre indiqué.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>fdisk /dev/vda
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&gt; p
&gt; d
&gt; 3 (delete partition 3)
&gt; w (write changes to disk)
</code></pre></div></div>
<h3 id="agrandir-la-partition-et-le-groupe-de-volumes">Agrandir la partition et le groupe de volumes</h3>
<p>Opération fdisk</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>fdisk /dev/vda
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&gt; d
&gt; 2 (delete partition 2)
&gt; n
&gt; 2 (recreate partition 2)
&gt; (first sector is 'default'; press enter)
&gt; (last sector is 'default'; press enter)
&gt; n (keep existing filesystem signature)
&gt; w (write changes to disk)
</code></pre></div></div>
<p>Ouvrir la partition chiffrée saisir la phrase de passe</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cryptsetup luksOpen /dev/vda2 crypt <span class="c"># saisir la phrase de passe</span>
cryptsetup resize crypt <span class="nt">-v</span> <span class="c"># saisir la phrase de passe</span>
<span class="c"># Si tout OK --&gt; Command successful.</span>
e2fsck <span class="nt">-f</span> /dev/mapper/vg0-lvroot
e2fsck <span class="nt">-f</span> /dev/mapper/vg0-lvhome
pvresize /dev/mapper/crypt
</code></pre></div></div>
<p>Le groupe de volumes vg0 contient maintenant lespace que nous avons libéré en supprimant /dev/vda3. Il a été ajouté en tant quespace libre pouvant être utilisé pour des instantanés ou une affectation future au volume racine ou daccueil (ce que nous ferons à létape suivante) ou à des volumes supplémentaires (nouveaux).<br />
<img src="/images/eos-chiffre-f.png" alt="" /></p>
<h3 id="augmenter-le-volume-home">Augmenter le volume home</h3>
<p>Quelques informations sur la façon de convertir/calculer les secteurs, MB, PEs :</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">sectors / 2048 / 4 = PE</code></li>
<li><code class="language-plaintext highlighter-rouge">PE *4 = MiB *2048 = sectors</code><br />
Si vos calculs renvoient un PE non entier, vous devez larrondir à linférieur !</li>
</ul>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>fdisk <span class="nt">-l</span>
vgdisplay
lvdisplay
</code></pre></div></div>
<p>fournira des informations concernant lespace utilisé (alloué) et libre.</p>
<p>Exemples de différentes possibilités :</p>
<ul>
<li>développer lvroot par 32326 PE<br />
<code class="language-plaintext highlighter-rouge">lvextend -l +32326 /dev/mapper/vg0-lvroot</code></li>
<li>étendre le volume à 150 Go<br />
<code class="language-plaintext highlighter-rouge">lvextend -L 150G /dev/mapper/vg0-lvroot</code></li>
<li>augmenter le volume de 10 Go<br />
<code class="language-plaintext highlighter-rouge">lvextend -L +10G /dev/mapper/vg0-lvroot</code></li>
<li>remplir tout lespace non alloué dans le groupe de volumes<br />
<code class="language-plaintext highlighter-rouge">lvextend -l +100%FREE /dev/vg0-lvroot</code></li>
</ul>
<p>Mais nous allons maintenant ajouter tout lespace précédemment libéré au volume daccueil .</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lvextend -l +100%FREE /dev/mapper/vg0-lvhome
Size of logical volume vg0/lvhome changed from 3.60 GiB (922 extents) to 11.48 GiB (2939 extents).
</code></pre></div></div>
<p>Le système de fichiers résidant dans notre volume logique doit également être ajusté.<br />
Nous augmenterons le système de fichiers à la taille maximale pour ajouter les 8 Go.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>resize2fs -p /dev/mapper/vg0-lvhome
</code></pre></div></div>
<p>Vérifions le système de fichiers des volumes logiques redimensionnés…</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>e2fsck -f /dev/mapper/vg0-lvhome
</code></pre></div></div>
<p>FINI! Vous pouvez quitter lenvironnement live-cd et redémarrer dans votre système LVMonLUKS.</p>
<h3 id="clavier-grub">Clavier (GRUB)</h3>
<p><code class="language-plaintext error highlighter-rouge">Il est impossible de définir un clavier autre que US avant la saisie du code de déchiffrement lors de la phase démarrage GRUB</code></p>
<p><a href="https://html-et-caetera.com/azertyfy/">Convertisseur QWERTY / AZERTY</a><br />
Convertissez un texte que vous auriez écrit en AZERTY avec un clavier QWERTY et inversement</p>
<h2 id="ajouter-fichier-échange-avec-hibernation-de-travail-facultatif">Ajouter fichier échange avec hibernation de travail (FACULTATIF)</h2>
<h3 id="créer-un-fichier-déchange">Créer un fichier déchange</h3>
<p>Remarque : Si vous souhaitez utiliser lhibernation, vous devez ajouter un swap car le contenu de la RAM sera écrit sur la partition/fichier de swap. Cela signifie également que la taille du swap doit être au moins égale à la taille de la RAM. Lisez <a href="https://itsfoss.com/swap-size/">ici</a> sur le choix des tailles déchange par exemple.</p>
<p>Choisissez la taille de votre fichier déchange (par exemple “8” pour 8 Go).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>swapsizeGB=8
</code></pre></div></div>
<p>Les commandes suivantes produiront un fichier déchange avec la taille choisie :</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">swapsize</span><span class="o">=</span><span class="k">$((</span> swapsizeGB <span class="o">*</span> <span class="m">1024</span> <span class="k">))</span>
<span class="nb">sudo dd </span><span class="k">if</span><span class="o">=</span>/dev/zero <span class="nv">of</span><span class="o">=</span>/swapfile <span class="nv">count</span><span class="o">=</span><span class="nv">$swapsize</span> <span class="nv">bs</span><span class="o">=</span>1MiB <span class="nv">status</span><span class="o">=</span>progress
<span class="nb">sudo chmod </span>600 /swapfile
<span class="nb">sudo </span>mkswap /swapfile
<span class="nb">sudo </span>swapon /swapfile
</code></pre></div></div>
<p>Vérifier …</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>swapon --show
</code></pre></div></div>
<h3 id="modifier-etcfstab-pour-activer-le-fichier-déchange-après-le-redémarrage">Modifier /etc/fstab pour activer le fichier déchange après le redémarrage</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/fstab
</code></pre></div></div>
<p>Ajoutez la ligne suivante…</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/swapfile none swap defaults,pri=-2 0 0
</code></pre></div></div>
<p>Sauvegarder et quitter.</p>
<h3 id="activer-lhibernation">Activer lhibernation</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo blkid -s UUID -o value /dev/mapper/vg0-lvroot
</code></pre></div></div>
<p>renvoie lUUID du volume racine. Par exemple <strong>53d2a76e-13b8-4a29-affc-197b33a706c1</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo filefrag -v /swapfile | awk '{if($1=="0:"){print $4}}'
</code></pre></div></div>
<p>renvoie le décalage du fichier déchange. Par exemple <code class="language-plaintext highlighter-rouge">997376..,</code> ce qui signifie 997376.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/default/grub
</code></pre></div></div>
<p>Ajoutez l entrée <code class="language-plaintext highlighter-rouge">resume=UUID=</code> et <code class="language-plaintext highlighter-rouge">resume_offset=</code> à la fin de <code class="language-plaintext highlighter-rouge">GRUB_CMDLINE_LINUX_DEFAULT=</code> (<u>**n'oubliez pas d'utiliser votre UUID et offset**</u>)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>GRUB_CMDLINE_LINUX_DEFAULT="[...] resume=UUID=53d2a76e-13b8-4a29-affc-197b33a706c1 resume_offset=997376"
</code></pre></div></div>
<p>Sauvegarder et quitter.</p>
<p>Si vous navez pas déjà suivi létape 11 et ajouté <strong>resume</strong> à <code class="language-plaintext highlighter-rouge">/etc/mkinitcpio.conf</code>, faites-le maintenant…</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/mkinitcpio.conf
</code></pre></div></div>
<p>Modifiez la <code class="language-plaintext highlighter-rouge">HOOKS=ligne</code>… en ajoutant <strong>resume</strong> (avant les systèmes de fichiers).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 resume filesystems fsck"
</code></pre></div></div>
<p>Sauvegarder et quitter.</p>
<p>Faites savoir au système que certaines choses ont changé…</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>mkinitcpio <span class="nt">-p</span> linux
<span class="nb">sudo </span>grub-mkconfig <span class="nt">-o</span> /boot/grub/grub.cfg
</code></pre></div></div>
<p>FINI! Vous devriez maintenant avoir un fichier déchange et pouvoir hiberner.</p>
<h2 id="liens">Liens</h2>
<ul>
<li><a href="https://zestedesavoir.com/tutoriels/1653/installer-un-ubuntu-chiffre-avec-luks-lvm-et-un-partitionnement-personnalise/">Installer un Ubuntu chiffré avec LUKS, LVM et un partitionnement personnalisé</a></li>
<li><a href="https://www.fosslinux.com/68563/how-to-encrypt-lvm-volumes-with-luks.htm">How to encrypt LVM volumes with LUKS</a></li>
<li><a href="https://discovery.endeavouros.com/encrypted-installation/lvmonluks/2021/03/">Full disk encryption: LVMonLUKS with a separate home partition and hibernation with a swapfile</a></li>
<li><a href="https://driikolu.fr/2020/03/install_arch_chiffre_uefi/">Installation dArchlinux en UEFI &amp; chiffré</a></li>
<li><a href="https://ciksiti.com/fr/chapters/667-setup-luks-encryption-on-arch-linux--linux-hint">Configurer le chiffrement LUKS sur Arch Linux Indice Linux</a></li>
</ul>
<h2 id="annexe">Annexe</h2>
<h3 id="clé-fido-pour-déchiffrement-au-boot">Clé FIDO pour déchiffrement au boot</h3>
<p><a href="/2023/07/01/Yubikey.html#déverrouillage-au-boot-dun-disque-entièrement-chiffré-luks2">Déverrouillage au boot dun disque entièrement chiffré LUKS2</a></p>
<p>Installer la librairie libfido : <code class="language-plaintext highlighter-rouge">sudo pacman -S libfido2</code>
Vérifier que la YubiKey est insérée dans un port USB
Lister présence clé : <code class="language-plaintext highlighter-rouge">systemd-cryptenroll --fido2-device=list</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>PATH MANUFACTURER PRODUCT
/dev/hidraw2 Yubico YubiKey OTP+FIDO+CCID
</code></pre></div></div>
<p>Enroler la clé, la phrase de passe du disque est demandée. Le disque chiffré est <code class="language-plaintext highlighter-rouge">/dev/vda2</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemd-cryptenroll --fido2-device=auto /dev/vda2
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>🔐 Please enter current passphrase for disk /dev/vda2: ***********
Requested to lock with PIN, but FIDO2 device /dev/hidraw2 does not support it, disabling.
Initializing FIDO2 credential on security token.
👆 (Hint: This might require confirmation of user presence on security token.)
Generating secret key on FIDO2 security token.
👆 In order to allow secret key generation, please confirm presence on security token.
New FIDO2 token enrolled as key slot 2.
</code></pre></div></div>
<p>Pour la prise en charge de cette clé FIDO , il faut modifier le fichier /etc/crypttab</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>#cryptlvm UUID=5510b187-f57c-41f5-b975-0605e35788c2 /crypto_keyfile.bin luks
cryptlvm UUID=5510b187-f57c-41f5-b975-0605e35788c2 /crypto_keyfile.bin luks,discard,fido2-device=auto
</code></pre></div></div>
<p>Reconstruire le noyau</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo reinstall-kernels
</code></pre></div></div>
<h3 id="déverrouiller-sa-session-linux-avec-une-yubikey">Déverrouiller sa session Linux avec une Yubikey</h3>
<ul>
<li><a href="/2023/07/01/Yubikey.html#déverrouiller-sa-session-linux-avec-une-yubikey">Déverrouiller sa session Linux avec une Yubikey</a></li>
</ul>
<h3 id="eos-vm">Eos VM</h3>
<h4 id="partage-répertoire-hôte-avec-un-invité">Partage répertoire hôte avec un invité</h4>
<p>EndeavourOS est installé sur une machine virtuelle QEMU/KVM</p>
<ul>
<li><a href="/2022/04/12/QEMU_KVM+virtio-fs-Partager_un_repertoire_hote_avec_une_machine_virtuelle.md.html#partage-répertoire-hôte-avec-un-invité">QEMU/KVM + virtio-fs - Partager un répertoire hôte avec une machine virtuelle</a></li>
</ul>
<h4 id="copiercoller-entre-hôte-et-invité">Copier/Coller entre hôte et invité</h4>
<p>Il faut installer <strong>spice-vdagent</strong> sur linvité</p>
<h3 id="plymouth">Plymouth</h3>
<p>Installer plymouth</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>yay -S plymouth
</code></pre></div></div>
<p>Modifier les options du noyau kernel <code class="language-plaintext highlighter-rouge">/etc/kernel/cmdline</code> , ajouter <code class="language-plaintext highlighter-rouge">splash</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nvme_load=YES nowatchdog rw splash rd.luks.uuid=5510b187-f57c-41f5-b975-0605e35788c2 root=/dev/mapper/vg0-lvroot
</code></pre></div></div>
<p>Modifier le fichier <code class="language-plaintext highlighter-rouge">/etc/crypttab</code><br />
Remplacer la ligne suivante<br />
<code class="language-plaintext highlighter-rouge">cryptlvm UUID=5510b187-f57c-41f5-b975-0605e35788c2 /crypto_keyfile.bin luks</code><br />
par<br />
<code class="language-plaintext highlighter-rouge">cryptlvm UUID=5510b187-f57c-41f5-b975-0605e35788c2 - fido2-device=auto</code><br />
ou<br />
<code class="language-plaintext highlighter-rouge">cryptlvm UUID=5510b187-f57c-41f5-b975-0605e35788c2 /crypto_keyfile.bin luks,discard,fido2-device=auto</code></p>
<p>Reconstruire</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo reinstall-kernels
</code></pre></div></div>
<p>Redémarrer la machine virtuel</p>
<p>Si vous navez pas votre clé FIDO, après 30s le mot de passe de déchiffrement est demandé<br />
<img src="/images/eos-chiffre-g.png" alt="" /></p>
</div>
<div class="d-print-none"><footer class="article__footer"><meta itemprop="dateModified" content="2022-10-26T00:00:00+02:00"><!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
<div align="right"><a type="application/rss+xml" href="/feed.xml" title="S'abonner"><i class="fa fa-rss fa-2x"></i></a>
&emsp;</div>
-->
</footer>
<div class="article__section-navigator clearfix"><div class="previous"><span>PRÉCÉDENT</span><a href="/2022/10/25/Archlinux-KVM_QEMU-VMM.html">Archlinux Installer KVM QEMU + VMM + Pont réseau</a></div><div class="next"><span>SUIVANT</span><a href="/2022/11/02/PACMAN_gestionnaire_de_paquets_archlinux.html">PACMAN gestionnaire de paquets archlinux</a></div></div></div>
</div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('<a class="anchor d-print-none" aria-hidden="true"></a>').html('<i class="fas fa-anchor"></i>'));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
</script>
</div><section class="page__comments d-print-none"></section></article><!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
</div>
</div></div></div></div>
</div><script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 && ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 && activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 && ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange && onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
</script><div class="modal modal--overflow page__search-modal d-print-none js-page-search-modal"><script>
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow && search.onShow();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].focus();
} else {
search.onShow && search.onHide();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox && ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear && search.clear();
window.pageAsideAffix && window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible && !window.isFormElement(e.target || e.srcElement) && (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear && search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty && search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear && search.clear();
});
}
});
})();
</script><div class="search search--dark">
<div class="main">
<div class="search__header">Recherche</div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div>
</div>
<button class="button button--theme-dark button--pill search__cancel js-search-toggle">
Annuler</button>
</div>
<div id="results-container" class="search-result js-search-result"></div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '<p>Aucun résultat!</p>',
json: '/search.json',
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a>&nbsp;(Création {create})</li>'
})
</script>
</div></div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback && callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom && (offsetBottom = _options.offsetBottom);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroll && (scroll = _options.scroll);
_options.disabled !== undefined && (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc && preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop && scrollTop <= scrollBottom) {
fixed();
} else if (scrollTop < rootTop) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('<ul class="toc toc--ellipsis"></ul>'), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors && (selectors = _options.selectors);
_options.container && (container = _options.container);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroller && (scroller = _options.scroller);
_options.disabled !== undefined && (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1) { return; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length; i++) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast && $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('<li></li>').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('<a></a>').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
</script><script>
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc && toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix && affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
</script><!---->
</div>
<script>(function () {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
</script>
</body>
</html>
Reference in New Issue Copy Permalink