From 81bad75abf3cf4a97da6fe4f58a6eb0d6cd8359e Mon Sep 17 00:00:00 2001
From: Francis Rowe
- Parabola is much more flexible than Trisquel, but also more involved to setup. + Parabola is much more flexible than Trisquel, but also more involved to set up.
@@ -78,7 +78,7 @@
If your drive was already LUKS encrypted (maybe you are re-installing your distro) then
it is already 'wiped'. You should just wipe the LUKS header.
https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/
- showed me how to do this. It recommends to do the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
+ showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
# head -c 3145728 /dev/urandom > /dev/sda; sync
(wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).
- Following that page, based on my requirements, I do the following based on - based on https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode. + Following that page, based on my requirements, I do the following based on https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode. Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option.
@@ -184,7 +183,7 @@
# lvcreate -L 2G matrix -n swapvol (2G swap partition, named swapvol)
# lvcreate -l +100%FREE matrix -n rootvol (single large partition in the rest of the space, named rootvol)
You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example,
- if you will be running a web/mail server then you want /var in it's own partition (so that if it fills up with logs, it won't crash your system).
+ if you will be running a web/mail server then you want /var in its own partition (so that if it fills up with logs, it won't crash your system).
For a home/laptop system (typical use case), a root and a swap will do (really).
@@ -213,7 +212,7 @@
Now I am following the rest of https://wiki.parabolagnulinux.org/Installation_Guide. - I also also cross referencing https://wiki.archlinux.org/index.php/Installation_guide. + I also cross referenced https://wiki.archlinux.org/index.php/Installation_guide.
Create /home and /boot on rootvol mountpoint:
@@ -244,7 +243,7 @@
Check there first to see if steps differ by now.
Now you have to update the default Parabola keyring. This is used for signing and verifying packages:
# pacman -Sy parabola-keyring
- It says that you you get GPG errors, it's probably an expired key so do:
+ It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:
# pacman-key --populate parabola
# pacman-key --refresh-keys
# pacman -Sy parabola-keyring
@@ -352,7 +351,7 @@