tang | linux |
---|---|
11 | 981 |
453 | 170,551 |
2.0% | - |
7.1 | 10.0 |
3 months ago | 4 days ago |
C | C |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tang
-
Can I boot an encrypted system by pulling the key from another PC?
Have a look at clevis and tang. These allow you to have one server - which could be your remote you want to pull from - to be the source of the LUKS decryption on the system using tang.
-
PSA: Upgrade your LUKS key derivation function
I found that running tang[1] at home and needing to decrypt that box (can be a Pi or whatever) requiring a complex passphrase is very sufficient. You can even just unplug it at night if it makes you sleep better.
https://github.com/latchset/tang
-
How to mount LUKS encrypted USB storages (and HDDs inserted to hot swappable drive bay) automatically when connected? The machine is running headlessly, does not have desktop environments installed.
There are 3 ways to unlock a volume in a headless environment:
- use a keyfile, located on an already available volume
- use your device's TPM and utilize systemd-cryptenroll
- use Clevis/Tang to unlock volumes remotely
-
is possible to encrypt disk without asking for password on boot?
This is why on headless servers you use tang (ideally, multiple tang servers)
-
Tang on OPNSense
Sharing my notes on running a Tang server on OPNSense, in case it is useful for somebody else.
-
PSA: If you have a LUKS encrypted system and a TPM2 chip, you can put it to good use
We use clevis against multiple tang servers to provide Network Bound Disk Encryption (NBDE). It's possible to also use TPM2 but it's easier to use multiple tang servers (requiring more than one server to decrypt) in the datacenter.
-
A lot of questions about Self hosting :)
For automating unlocking of encrypted drives, look into tang. Here is a Red Hat guide on setting it up. You will want to be running this on another device on your network; I run it on my router with OpenWrt since it's a local device that's on 24/7. Basically it will unlock your disks as long as your server is on your network, so if your machine or drives are stolen or removed from your network they will just be encrypted as usual. Obviously use a strong encryption password.
-
Systemd 250 released
There are other ways to bind data, e.g. "network binding" with Tang server.
-
Best Evil Maid protocol for Linux?
I wonder if https://github.com/latchset/clevis and https://github.com/latchset/tang (complementary projects) will help here.
-
Luks Root Encryption
Yes you can, using either Mandos or Clevis and Tang. https://www.recompile.se/mandos https://github.com/latchset/clevis https://github.com/latchset/tang. Basically on boot the server gets the key from another server(s). You could use a hidden Raspberry Pi for example.
linux
-
The File Filesystem
FFS predates FreeBSD and is in some capacity supported by all 3 major BSDs. I'm fairly confident that Linux actually supports it through the ufs driver ( https://github.com/torvalds/linux/tree/master/fs/ufs ); whether the use of different names in different places makes it better or worse is an exercise for the reader.
-
Linus Torvalds adds arbitrary tabs to kernel code
These are a bit easier to see what's going on:
https://github.com/torvalds/linux/commit/d5cf50dafc9dd5faa1e...
https://github.com/torvalds/linux/blob/d5cf50dafc9dd5faa1e61...
Unfortunately GitHub doesn't have a way to render symbols for whitespace, but you can tell by selecting the spaces that the previous version had leading tabs. Linus changed it so that the tokens `default` and the number e.g. `12` are also separated by a tab. This is tricky, because the token "default" is seven characters, it will always give this added tab a width of 1 char which makes it always layout the same as if it were a space no matter if you use tab widths of 1, 2, 4, or 8.
- Show HN: Running TempleOS in user space without virtualization
-
PfSense Software Embraces Change: A Strategic Migration to the Linux Kernel
There was also a Gentoo effort to run atop FreeBSD[0]. The challenge of course is that afaik none of the BSD kernel ABIs are considered stable. The stable interface is the BSD libc. That said, with binfmt_misc, I don't see a reason you couldn't just run (at least some) FreeBSD binaries on Linux with a thin syscall translation layer (rather something like qemu-system) and then your layer hooked via binfmt_misc. I'm not aware of anyone who has done this for FreeBSD, but prior efforts existed as alternate binfmts for SysVr4/5 ELF binaries[2]. Either way would take some elbow grease, but you *might* even be able just reuse binfmt_elf and just have a new interpreter for FreeBSD elf.
[0] https://wiki.gentoo.org/wiki/Gentoo_FreeBSD
[1] https://docs.kernel.org/admin-guide/binfmt-misc.html
[2] https://github.com/torvalds/linux/blob/master/fs/binfmt_elf....
-
Improvements to static analysis in GCC 14
> The original less-than check was deemed incorrect
It was only deemed incorrect because of an information leak. Not because it's a valid use-case for user space to copy smaller portions of *hwrpb into user space. https://github.com/torvalds/linux/commit/21c5977a836e399fc71...
- Linus Torvalds accepts a merge commit to the Linux kernel
-
TinyMCE (also) moving from MIT to GPL
Correct. And the combined work needs to carry the MIT license text and copyright attributions for the MIT software authors. With binary distribution it must also be overt, not hidden in some source code drop, but directly accompanying the binary.
Many people who talk about relicensing never credit the MIT developers or distribute the MIT license text. "Because it's GPL now."
I don't think that you believe that, but many developers do.
Some don't see the need for source code scans for Open Source compliance, because the license.txt says GPL, so it's GPL. Prime example is the Linux kernel. There is code under different licenses in there, but people don't even read https://github.com/torvalds/linux/blob/master/COPYING till the end ("In addition, other licenses may also apply.") and conclude it's simply GPL 2 and nothing else.
Also be aware that sublicensing is not the same as relicensing.
-
Linus Torvalds is looking for a more modern GUI editor
> Does he have something against it?
He notoriously hates GNU Emacs, yes.
https://marc.info/?m=122955159617722
https://github.com/torvalds/linux/blob/master/Documentation/...
-
The Linux Kernel Prepares for Rust 1.77 Upgrade
So if we would only count code and not comments, it is only 9489 LoC Rust. Which would be about 0.03% and if we take all lines and not only LoC it would be around 0.05%
[0] https://github.com/XAMPPRocky/tokei
[1] https://github.com/torvalds/linux/commit/b401b621758e46812da...
-
Proposed Windows NT sync driver brings big Wine/Proton performance improvements
AIUI fsync is built on futex_waitv which has been upstreamed. So this has to be more than that.
https://github.com/torvalds/linux/commit/a0eb2da92b715d0c97b...
What are some alternatives?
clevis - Automated Encryption Framework
zen-kernel - Zen Patched Kernel Sources
sedutil - Use sedutil for setting up and using self encrypting drives (SEDs) that comply with the TCG OPAL 2.00 standard. This includes the requisite pre-boot authentication image.
DS4Windows - Like those other ds4tools, but sexier
docker-traefik - Docker media and home server stack with Docker Compose, Traefik, Swarm Mode, Google OAuth2/Authelia, and LetsEncrypt
winapps - Run Windows apps such as Microsoft Office/Adobe in Linux (Ubuntu/Fedora) and GNOME/KDE as if they were a part of the native OS, including Nautilus integration.
booster - Fast and secure initramfs generator
Open and cheap DIY IP-KVM based on Raspberry Pi - Open and inexpensive DIY IP-KVM based on Raspberry Pi
systemd - systemd upstream
serenity - The Serenity Operating System 🐞
linux-luks-tpm-boot - A guide for setting up LUKS boot with a key from TPM in Linux
DsHidMini - Virtual HID Mini-user-mode-driver for Sony DualShock 3 Controllers