I performed my periodic refresh of my Arch Linux install and wanted to improve how my full disk encryption was handled.
Previously I used LVM on LUKS with an encrypted boot partition. However, that limits which bootloader you can use to GRUB, and
GRUB is not the quickest to unlock the LUKS partition.
I was also curious if I could use my YubiKey for part of the encryption process rather than just a long password to type on boot.
I can’t say that I made it much more convenient though, as now I have to have my YubiKey inserted and press the button on it to
boot my computer, but it was fun implementing it and getting it to work.

I recently purchased a new YubiKey and found myself needing to set it up and configure it with PGP keys, as I use it for SSH
authentication and commit signing. I of course forgot how I initially configured my older YubiKey for this. Thankfully, a quick
Google search later, I was able to figure out how to set it up. I am going to document it this time for future reference and
as a more condensed version of the results I found.

When I set up my GPG keys on my YubiKey, I set the expiration of the keys to be two years and forgot all about it, until recently
when the keys hit the two-year mark and expired. I had of course forgotten how exactly I set up the keys initially and
how to renew them. After some research and experimenting with the gpg2 commands, I was able to renew them.
I decided I would document the process for when this inevitably happens again in two years.

I wanted to reinstall Arch Linux on my laptop and after having just re-installed it and configured it how I liked
on my desktop, I thought there had to be a better way than manually installing packages and doing configuration
every time I install. I was in no rush to get a working installation on my laptop; I decided now would be the time
to explore a way to automate the installation.

As I was working on creating my automated installation script for Arch Linux, I realized that I would also like to
install packages from the AUR. Building the packages in the installation would be time-consuming, and a bit cumbersome
due to needing to make the packages as a non-root user, but needing to be a root user to install the packages. Having
a repo with the packages already pre-built sounds like a much better option. Plus I can continue to use this repo
after the installation and let my server spend the time building the packages, rather than me waiting at the command line.