From 81bad75abf3cf4a97da6fe4f58a6eb0d6cd8359e Mon Sep 17 00:00:00 2001
From: Francis Rowe
Paradoxically, as you get more advanced Parabola can actually become easier to use - when you want to setup your machine in a special way compared to what most distributions provide. + when you want to set up your machine in a special way compared to what most distributions provide. You will find over time that other distributions tend to get in your way.
@@ -257,7 +257,7 @@ Based on https://wiki.archlinux.org/index.php/Users_and_Groups.- It is important (for security reasons) to create and use a non-root (non-admin) user account for every day use. The default 'root' account is intended + It is important (for security reasons) to create and use a non-root (non-admin) user account for everyday use. The default 'root' account is intended only for critical administrative work, since it has complete access to the entire operating system.
@@ -336,10 +336,10 @@
I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files.
The first one was etc.conf, containing information and a reference to this manpage:
# man tmpfiles.d
- Read that manpage, and then continue studying all of the files.
+ Read that manpage, and then continue studying all the files.
- The systemd developers tell me that it usually isn't necessary to touch the systemd-tmpfiles utility manually at all. + The systemd developers tell me that it isn't usually necessary to touch the systemd-tmpfiles utility manually at all.
@@ -454,10 +454,10 @@
- I actually chose to ignore most of Networking section on the wiki. Instead, I plan to setup LXDE desktop with the graphical
+ I actually chose to ignore most of Networking section on the wiki. Instead, I plan to set up LXDE desktop with the graphical
network-manager client. Here is a list of network managers:
https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers.
- If you need to, set a static IP address (temporarily) using the networking guide an the Arch wiki, or start the dhcpcd service in systemd.
+ If you need to, set a static IP address (temporarily) using the networking guide and the Arch wiki, or start the dhcpcd service in systemd.
NetworkManager will be setup later, after installing LXDE.
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index 7f60ebc..a48e489 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -43,7 +43,7 @@
- Parabola is much more flexible than Trisquel, but also more involved to setup. + Parabola is much more flexible than Trisquel, but also more involved to set up.
@@ -78,7 +78,7 @@
If your drive was already LUKS encrypted (maybe you are re-installing your distro) then
it is already 'wiped'. You should just wipe the LUKS header.
https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/
- showed me how to do this. It recommends to do the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
+ showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
# head -c 3145728 /dev/urandom > /dev/sda; sync
(wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).
- Following that page, based on my requirements, I do the following based on - based on https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode. + Following that page, based on my requirements, I do the following based on https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode. Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option.
@@ -184,7 +183,7 @@
# lvcreate -L 2G matrix -n swapvol (2G swap partition, named swapvol)
# lvcreate -l +100%FREE matrix -n rootvol (single large partition in the rest of the space, named rootvol)
You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example,
- if you will be running a web/mail server then you want /var in it's own partition (so that if it fills up with logs, it won't crash your system).
+ if you will be running a web/mail server then you want /var in its own partition (so that if it fills up with logs, it won't crash your system).
For a home/laptop system (typical use case), a root and a swap will do (really).
@@ -213,7 +212,7 @@
Now I am following the rest of https://wiki.parabolagnulinux.org/Installation_Guide. - I also also cross referencing https://wiki.archlinux.org/index.php/Installation_guide. + I also cross referenced https://wiki.archlinux.org/index.php/Installation_guide.
Create /home and /boot on rootvol mountpoint:
@@ -244,7 +243,7 @@
Check there first to see if steps differ by now.
Now you have to update the default Parabola keyring. This is used for signing and verifying packages:
# pacman -Sy parabola-keyring
- It says that you you get GPG errors, it's probably an expired key so do:
+ It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:
# pacman-key --populate parabola
# pacman-key --refresh-keys
# pacman -Sy parabola-keyring
@@ -352,7 +351,7 @@
- when the installer asks you to setup + when the installer asks you to set up encryption (ecryptfs) for your home directory, select 'Yes' if you want to: LUKS is already secure and performs well. Having ecryptfs on top of it will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended. Choose 'no'. @@ -51,7 +51,7 @@
- Your user password should be different than the LUKS password which you will set later on. + Your user password should be different from the LUKS password which you will set later on. Your LUKS password should, like the user password, be secure.
@@ -208,7 +208,7 @@- If you didn't encrypted your home directory, then you can safely ignore this section. + If you didn't encrypt your home directory, then you can safely ignore this section.
-- cgit v0.9.1