mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-16 22:42:21 +08:00
Merge remote-tracking branch 'LCTT/master'
This commit is contained in:
commit
b89e83fa6b
184
published/20201022 5 steps to learn any programming language.md
Normal file
184
published/20201022 5 steps to learn any programming language.md
Normal file
@ -0,0 +1,184 @@
|
|||||||
|
[#]: collector: "lujun9972"
|
||||||
|
[#]: translator: "xiao-song-123"
|
||||||
|
[#]: reviewer: "wxy"
|
||||||
|
[#]: publisher: "wxy"
|
||||||
|
[#]: url: "https://linux.cn/article-12842-1.html"
|
||||||
|
[#]: subject: "5 steps to learn any programming language"
|
||||||
|
[#]: via: "https://opensource.com/article/20/10/learn-any-programming-language"
|
||||||
|
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
|
||||||
|
|
||||||
|
五步学会任何编程语言
|
||||||
|
======
|
||||||
|
|
||||||
|
> 只需一点编程经验,你就可以在短短几天内(有时更少)学会一种新编程语言。
|
||||||
|
|
||||||
|
![](https://img.linux.net.cn/data/attachment/album/202011/19/225851j7miw3kd17joowa7.jpg)
|
||||||
|
|
||||||
|
有些人喜欢学习新的编程语言,也有一些人觉得学习一种都是可望不可及的事情。在本文中,我将向你展示如何像程序员一样思考,这样你就可以自信地学习任何一门你想要学习的编程语言。
|
||||||
|
|
||||||
|
事实上,一旦你学会了如何编程,你使用的编程语言就不再是一个障碍,而更像是一种形式。实际上,这就是教育家们倡导 [让孩子尽早学习编程][2] 的众多原因之一。不管他们的入门语言有多简单,这种编程的逻辑和儿童们(或成人学习者)以后可能遇到的其他语言的逻辑有着想通之处。
|
||||||
|
|
||||||
|
只需有一点编程经验(你可以从我们这里的几篇介绍性文章中获得),你就可以在短短几天内(有时更短)学习任何编程语言。这并不是魔法,你也确实要为此付出一些努力。诚然,学习一种编程语言每个的可用库,或者学习打包代码以及进行交付的细微差别,需要的时间远远不止几天。但是,就入门来说,比你想像中的要容易许多,剩下的则要通过不断练习来完成。
|
||||||
|
|
||||||
|
当有经验的程序员静下心来学习一门新的编程语言时,他们会寻找五样东西。只要你知道了这五件事,你就可以开始编码了。
|
||||||
|
|
||||||
|
### 1、语法
|
||||||
|
|
||||||
|
![Syntax][3]
|
||||||
|
|
||||||
|
语言的语法描述了代码的结构。这包括如何逐行编写代码,以及用于构造代码语句的实际单词。
|
||||||
|
|
||||||
|
例如,[Python][5] 以使用缩进来指示一个代码块在哪里结束以及另一代码块在哪里开始而闻名:
|
||||||
|
|
||||||
|
```
|
||||||
|
while j < rows:
|
||||||
|
while k < columns:
|
||||||
|
tile = Tile(k * w)
|
||||||
|
board.add(tile)
|
||||||
|
k += 1
|
||||||
|
j += 1
|
||||||
|
k = 0
|
||||||
|
```
|
||||||
|
|
||||||
|
[Lua][6] 只是使用关键字 `end`:
|
||||||
|
|
||||||
|
```
|
||||||
|
for i,obj in ipairs(hit) do
|
||||||
|
if obj.moving == 1 then
|
||||||
|
obj.x,obj.y = v.mouse.getPosition()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
```
|
||||||
|
|
||||||
|
[Java][7]、[C][8]、C++ 之类的编程语言使用花括号:
|
||||||
|
|
||||||
|
```
|
||||||
|
while (std::getline(e,r)) {
|
||||||
|
wc++;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
编程语言的语法还包括包括库、设置变量和终止行等内容。通过练习,你将学会在阅读示例代码时下意识地识别语法需求(和惯例)。
|
||||||
|
|
||||||
|
#### 实践
|
||||||
|
|
||||||
|
当学习一门新的编程语言时,要努力理解它的语法。你不需要去记住它,只需要知道如果忘记了以后去哪里查找。使用好的 [IDE][9] 也很有帮助,因为很多 IDE 在出现语法错误时会提醒你。
|
||||||
|
|
||||||
|
### 2、内置函数和条件
|
||||||
|
|
||||||
|
![built-in words][10]
|
||||||
|
|
||||||
|
就像自然语言一样,编程语言可以识别的合法单词是有限的。这个词汇表可以使用其他库进行扩展,但是核心语言知道一组特定的关键字。大多数语言并没有你想的那么多关键字。即使在像 C 语言这样非常低级的语言中,也只有 32 个关键字,比如 `for`、`do`、`while`、`int`、`float`、`char`、`break` 等等。
|
||||||
|
|
||||||
|
了解了这些关键字,你就可以编写基本的表达式,也就是构建程序的代码块。许多内置的关键字能帮助你构建条件语句,这些条件语句影响整个程序的流程。例如,如果你想编写一个允许单击和拖动图标的程序,那么你的代码就必须检测用户的鼠标指针何时位于图标上。只有当鼠标光标位于图标外部边缘相同的坐标时,才执行导致使鼠标抓取图标的代码。这是一个经典的 `if` / `then` 语句,但不同的语言可以用不同的方式表达。
|
||||||
|
|
||||||
|
Python 使用 `if`、`elif `和 `else` 的组合来实现条件语句,但是并不显式的关闭语句:
|
||||||
|
|
||||||
|
```
|
||||||
|
if var == 1:
|
||||||
|
# action
|
||||||
|
elif var == 2:
|
||||||
|
# some action
|
||||||
|
else:
|
||||||
|
# some other action
|
||||||
|
```
|
||||||
|
|
||||||
|
[Bash][11] 使用 `if`、`elif`、`else`,并且使用 `fi` 来结束语句:
|
||||||
|
|
||||||
|
```
|
||||||
|
if [ "$var" = "foo" ]; then
|
||||||
|
# action
|
||||||
|
elif [ "$var" = "bar" ]; then
|
||||||
|
# some action
|
||||||
|
else
|
||||||
|
# some other action
|
||||||
|
fi
|
||||||
|
```
|
||||||
|
|
||||||
|
然而 C 和 Java, 使用 `if`、`else` 和 `else if`,用花括号把它们括起来:
|
||||||
|
|
||||||
|
```
|
||||||
|
if (boolean) {
|
||||||
|
// action
|
||||||
|
} else if (boolean) {
|
||||||
|
// some action
|
||||||
|
} else {
|
||||||
|
// some other action
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
各种编程语言虽然在关键字的选择和语法上有细微的变化,但基本是相同的。学习如何在编程语言中定义条件语句,包括 `if` / `then`、`do...while` 和 `case` 语句。
|
||||||
|
|
||||||
|
#### 实践
|
||||||
|
|
||||||
|
要熟悉编程语言能够理解的关键字集。在实践中,你的代码将不仅仅包含编程语言的关键字,可以肯定的是,有包含很多简单函数的库来帮助你做一些事情,诸如将输出打印到屏幕或显示窗口之类。然而,驱动这些库的逻辑始于编程语言的内置关键字。
|
||||||
|
|
||||||
|
### 3、数据类型
|
||||||
|
|
||||||
|
![Data types][12]
|
||||||
|
|
||||||
|
代码是用来处理数据的,因此你必须学习编程语言如何识别不同类型的数据。所有编程语言都能理解整数,大多数的语言能理解小数和单个字符(`a`、`b`、`c` 等等)。它们通常被表示为 `int`、 `float`、`double` 和 `char`,当然,语言的内置词汇表会告诉你如何引用这些实体。
|
||||||
|
|
||||||
|
有时候,在编程语言中内置了一些额外的数据类型,也有时是通过引用库来启用复杂的数据类型。例如,Python 可以识别关键字为 `str` 的字符串,但是 C 语言的代码中必须包含 `string.h` 头文件才能实现字符串特性。
|
||||||
|
|
||||||
|
#### 实践
|
||||||
|
|
||||||
|
库可以为你的代码解锁各种类型的数据,但是学习编程语言中包含的基本数据类型是一个明智的起点。
|
||||||
|
|
||||||
|
### 4、运算符和解析器
|
||||||
|
|
||||||
|
![Operators][13]
|
||||||
|
|
||||||
|
一旦你理解了编程语言可处理的数据类型,就可以学习如何分析这些数据了。幸运的是,数学这门学科是相当稳定的,所以算数运算符在许多语言中通常是相同的(或至少非常相似)。例如,两个整数相加通常用 `+` 符号完成,而测试一个整数是否大于另一个整数通常用 `>` 符号完成。测试是否相等通常使用 `==` 来完成(是的,是两个等号,因为通常一个等号用来赋值)。
|
||||||
|
|
||||||
|
当然也有一些例外,比如像 Lisp 和 Bash 语言算数运算符就不是如此,但与其他语言一样,这只是一个心理翻译的问题。一旦你了解了表达方式有何不同,很快就可以适应它。快速浏览一下一门编程语言的算数运算符通常足以让你了解算数操作是如何完成的。
|
||||||
|
|
||||||
|
你还需要知道如何比较和操作非数值数据,比如字符和字符串。这些通常是通过编程语言的核心库来进行的的。例如,Python 提供了 `split()` 方法,而 C 语言需要引入头文件 `string.h` 来提供 `strtok()` 函数。
|
||||||
|
|
||||||
|
#### 实践
|
||||||
|
|
||||||
|
了解用于处理基本数据类型的基本函数和关键字,并寻找可帮助你完成复杂操作的核心库。
|
||||||
|
|
||||||
|
### 5、函数
|
||||||
|
|
||||||
|
![Class][14]
|
||||||
|
|
||||||
|
代码不只是计算机的待办清单。通常情况下,在编写代码时你往往希望向计算机提供一组理论条件和一组操作指令,当满足每个条件时计算机就会采取这些操作。尽管使用条件语句以及数学和逻辑运算符进行流控制可以做很多事情,但是引入了函数和类之后,代码会变得更加高效,因为它们使你可以定义子程序。例如,如果应用程序非常频繁地需要一个确认对话框,那么将其作为类的实例编写一次要比每次需要它时重新编写实现起来要容易得多。
|
||||||
|
|
||||||
|
你需要学习如何在编程语言中定义类和函数。更准确地说,你首先需要了解编程语言中是否支持类和函数。大多数现代语言都支持函数,但是类是面向对象的编程语言中所特有的。
|
||||||
|
|
||||||
|
#### 实践
|
||||||
|
|
||||||
|
学习语言中可用的结构,这些结构可以帮助你高效地编写和使用代码。
|
||||||
|
|
||||||
|
### 你可以学到任何东西
|
||||||
|
|
||||||
|
学习编程语言,就其本身而言,是一种编码过程中的子程序。一旦理解了代码如何工作,你所使用的语言就只是一种传递逻辑的媒介。学习一门新编程语言的过程几乎都是一样的:通过简单的练习来学习语法,通过学习词汇来积累进行复杂动作的能力,然后练习、练习、再练习。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://opensource.com/article/20/10/learn-any-programming-language
|
||||||
|
|
||||||
|
作者:[Seth Kenlon][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[xiao-song-123](https://github.com/xiao-song-123)
|
||||||
|
校对:[wxy](https://github.com/wxy)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://opensource.com/users/seth
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/learn-programming-code-keyboard.png?itok=xaLyptT4 "Learning to program"
|
||||||
|
[2]: https://opensource.com/article/20/9/scratch
|
||||||
|
[3]: https://opensource.com/sites/default/files/uploads/syntax_0.png "Syntax"
|
||||||
|
[4]: https://creativecommons.org/licenses/by-sa/4.0/
|
||||||
|
[5]: https://opensource.com/downloads/cheat-sheet-python-37-beginners
|
||||||
|
[6]: https://opensource.com/article/20/2/lua-cheat-sheet
|
||||||
|
[7]: https://opensource.com/downloads/java-cheat-sheet
|
||||||
|
[8]: https://opensource.com/downloads/c-programming-cheat-sheet
|
||||||
|
[9]: https://opensource.com/resources/what-ide
|
||||||
|
[10]: https://opensource.com/sites/default/files/uploads/builtin.png "built-in words"
|
||||||
|
[11]: https://opensource.com/downloads/bash-cheat-sheet
|
||||||
|
[12]: https://opensource.com/sites/default/files/uploads/type.png "Data types"
|
||||||
|
[13]: https://opensource.com/sites/default/files/uploads/operator.png "Operators"
|
||||||
|
[14]: https://opensource.com/sites/default/files/uploads/class.png "Class"
|
@ -1,5 +1,5 @@
|
|||||||
[#]: collector: (lujun9972)
|
[#]: collector: (lujun9972)
|
||||||
[#]: translator: ( )
|
[#]: translator: (geekpi)
|
||||||
[#]: reviewer: ( )
|
[#]: reviewer: ( )
|
||||||
[#]: publisher: ( )
|
[#]: publisher: ( )
|
||||||
[#]: url: ( )
|
[#]: url: ( )
|
||||||
|
@ -1,272 +0,0 @@
|
|||||||
[#]: collector: (lujun9972)
|
|
||||||
[#]: translator: (geekpi)
|
|
||||||
[#]: reviewer: ( )
|
|
||||||
[#]: publisher: ( )
|
|
||||||
[#]: url: ( )
|
|
||||||
[#]: subject: (Unlock encrypted disks on Linux automatically)
|
|
||||||
[#]: via: (https://opensource.com/article/20/11/nbde-linux)
|
|
||||||
[#]: author: (Curt Warfield https://opensource.com/users/rcurtiswarfield)
|
|
||||||
|
|
||||||
Unlock encrypted disks on Linux automatically
|
|
||||||
======
|
|
||||||
Open encrypted disks without having to manually enter a passcode by
|
|
||||||
using Network-Bound Disk Encryption (NBDE).
|
|
||||||
![Lock][1]
|
|
||||||
|
|
||||||
From a security viewpoint, it's important to encrypt your sensitive data to protect it from prying eyes and hackers. Linux Unified Key Setup ([LUKS][2]) is a great tool and a common standard for Linux disk encryption. Because it stores all pertinent setup information in the partition header, it makes migrating data easy.
|
|
||||||
|
|
||||||
To configure encrypted disks or partitions with LUKS, you will need to use the [cryptsetup][3] utility. Unfortunately, one of the downsides of encrypting your disks is that you have to manually provide the password every time the system is rebooted or the disk is remounted.
|
|
||||||
|
|
||||||
However, Network-Bound Disk Encryption (NBDE) can automatically and securely unlock encrypted disks without any user intervention. It is available in several Linux distributions, beginning with Red Hat Enterprise Linux 7.4, CentOS 7.4, and Fedora 24, and in later versions of each.
|
|
||||||
|
|
||||||
NBDE is implemented with the following technologies:
|
|
||||||
|
|
||||||
* **[Clevis framework][4]:** A pluggable framework tool that automatically decrypts and unlocks LUKS volumes
|
|
||||||
* **[Tang server][5]:** A service for binding cryptographic keys to network presence
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Tang provides the encryption keys to the Clevis client. According to Tang's developers, this provides a secure, stateless, anonymous alternative to key escrow services.
|
|
||||||
|
|
||||||
Because NBDE uses the client-server architecture, you must configure both the client and the server. You can use a virtual machine on your local network for your Tang server.
|
|
||||||
|
|
||||||
### Server installation
|
|
||||||
|
|
||||||
Install Tang using sudo:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo yum install tang -y`
|
|
||||||
```
|
|
||||||
|
|
||||||
Enable the Tang server:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo systemctl enable tangd.socket --now`
|
|
||||||
```
|
|
||||||
|
|
||||||
The Tang server works on port 80 and must be added to firewalld. Add the appropriate firewalld rule:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo firewall-cmd --add-port=tcp/80 --perm
|
|
||||||
sudo firewall-cmd --reload
|
|
||||||
```
|
|
||||||
|
|
||||||
The server should now be installed.
|
|
||||||
|
|
||||||
### Client installation
|
|
||||||
|
|
||||||
For this example, assume you have added a new 1GB disk named `/dev/vdc` to your system.
|
|
||||||
|
|
||||||
Create the primary partition using fdisk or parted:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo fdisk /dev/vdc
|
|
||||||
```
|
|
||||||
|
|
||||||
Complete the following steps to install the client.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
Welcome to fdisk (util-linux 2.23.2).
|
|
||||||
|
|
||||||
Changes will remain in memory only, until you decide to write them.
|
|
||||||
Be careful before using the write command.
|
|
||||||
|
|
||||||
Device does not contain a recognized partition table
|
|
||||||
Building a new DOS disklabel with disk identifier 0x4a6812d4.
|
|
||||||
|
|
||||||
Command (m for help):
|
|
||||||
```
|
|
||||||
|
|
||||||
Enter **n** to create the new partition:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
Partition type:
|
|
||||||
p primary (0 primary, 0 extended, 4 free)
|
|
||||||
e extended
|
|
||||||
Select (default p):
|
|
||||||
```
|
|
||||||
|
|
||||||
Hit the **Enter** key to select the primary partition:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
Using default response p
|
|
||||||
Partition number (1-4, default 1):
|
|
||||||
```
|
|
||||||
|
|
||||||
Hit the **Enter** key to select the default partition number:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
First sector (2048-2097151, default 2048):
|
|
||||||
Using default value 2048
|
|
||||||
Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151):
|
|
||||||
```
|
|
||||||
|
|
||||||
Hit the **Enter** key to select the last sector:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
Using default value 2097151
|
|
||||||
Partition 1 of type Linux and of size 1023 MiB is set
|
|
||||||
|
|
||||||
Command (m for help): wq
|
|
||||||
```
|
|
||||||
|
|
||||||
Type **wq** to save the changes and exit fdisk:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
The partition table has been altered!
|
|
||||||
|
|
||||||
Calling ioctl() to re-read partition table.
|
|
||||||
Syncing disks.
|
|
||||||
```
|
|
||||||
|
|
||||||
Run `partprobe` to inform the system of the partition table changes:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo partprobe`
|
|
||||||
```
|
|
||||||
|
|
||||||
Install the cryptsetup package using sudo:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo yum install cryptsetup -y`
|
|
||||||
```
|
|
||||||
|
|
||||||
Use the `cryptsetup luksFormat` command to encrypt the disk. You will need to type **YES** when prompted and also choose and enter a passphrase to encrypt the disk:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo cryptsetup luksFormat /dev/vdc1
|
|
||||||
WARNING!
|
|
||||||
========
|
|
||||||
This will overwrite data on /dev/vdc1 irrevocably.
|
|
||||||
|
|
||||||
Are you sure? (Type uppercase yes):
|
|
||||||
|
|
||||||
Enter passphrase for /dev/vdc1:
|
|
||||||
Verify passphrase:
|
|
||||||
```
|
|
||||||
|
|
||||||
Use the `cryptsetup luksOpen` command to map the encrypted partition to a logical device. For example, use `encryptedvdc1` as the name. You will also need to enter the passphrase again:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo cryptsetup luksOpen /dev/vdc1 encryptedvdc1
|
|
||||||
Enter passphrase for /dev/vdc1:
|
|
||||||
```
|
|
||||||
|
|
||||||
The encrypted partition is now available at `/dev/mapper/encryptedvdc1`.
|
|
||||||
|
|
||||||
Create an XFS filesystem on the encrypted partition:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo mkfs.xfs /dev/mapper/encryptedvdc1`
|
|
||||||
```
|
|
||||||
|
|
||||||
Create a directory for mounting the encrypted partition:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo mkdir /encrypted`
|
|
||||||
```
|
|
||||||
|
|
||||||
Use the `cryptsetup luksClose` command to lock the partition:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`cryptsetup luksClose encryptedvdc1`
|
|
||||||
```
|
|
||||||
|
|
||||||
Install the Clevis packages using sudo:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo yum install clevis clevis-luks clevis-dracut -y`
|
|
||||||
```
|
|
||||||
|
|
||||||
Modify /etc/crypttab to open the encrypted volume at boot time:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo vim /etc/crypttab`
|
|
||||||
```
|
|
||||||
|
|
||||||
Add the following line:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`encryptedvdc1 /dev/vdc1 none _netdev`
|
|
||||||
```
|
|
||||||
|
|
||||||
Modify /etc/fstab to automatically mount the encrypted volume during a reboot or at boot time:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo vim /etc/fstab`
|
|
||||||
```
|
|
||||||
|
|
||||||
Add the following line:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`/dev/mapper/encryptedvdc1 /encrypted xfs _netdev 1 2`
|
|
||||||
```
|
|
||||||
|
|
||||||
For this example, assume the Tang server's IP address is `192.168.1.20`. You can also use the hostname or domain if you prefer.
|
|
||||||
|
|
||||||
Run the following `clevis` command:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo clevis bind luks -d /dev/vdc1 tang '{"url":"<http://192.168.1.20"}>'
|
|
||||||
The advertisement contains the following signing keys:
|
|
||||||
|
|
||||||
rwA2BAITfYLuyNiIeYUMBzkhk7M
|
|
||||||
|
|
||||||
Do you wish to trust these keys? [ynYN] Y
|
|
||||||
Enter existing LUKS password:
|
|
||||||
```
|
|
||||||
|
|
||||||
Type **Y** to accept the keys for the Tang server and provide the existing LUKS password for the initial setup.
|
|
||||||
|
|
||||||
Enable clevis-luks-askpass.path via systemctl in order to prevent being prompted for the passphrase for non-root partitions.
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
`sudo systemctl enable clevis-luks-askpass.path`
|
|
||||||
```
|
|
||||||
|
|
||||||
The client is installed. Now, whenever you reboot the server, the encrypted disk should automatically be decrypted and mounted by retrieving the keys from the Tang server.
|
|
||||||
|
|
||||||
If the Tang server is unavailable for any reason, you'll need to provide the passphrase manually in order to decrypt and mount the partition.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: https://opensource.com/article/20/11/nbde-linux
|
|
||||||
|
|
||||||
作者:[Curt Warfield][a]
|
|
||||||
选题:[lujun9972][b]
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]: https://opensource.com/users/rcurtiswarfield
|
|
||||||
[b]: https://github.com/lujun9972
|
|
||||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
|
|
||||||
[2]: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
|
|
||||||
[3]: https://gitlab.com/cryptsetup/cryptsetup
|
|
||||||
[4]: https://github.com/latchset/clevis
|
|
||||||
[5]: https://github.com/latchset/tang
|
|
@ -1,198 +0,0 @@
|
|||||||
[#]: collector: "lujun9972"
|
|
||||||
[#]: translator: "xiao-song-123"
|
|
||||||
[#]: reviewer: " "
|
|
||||||
[#]: publisher: " "
|
|
||||||
[#]: url: " "
|
|
||||||
[#]: subject: "5 steps to learn any programming language"
|
|
||||||
[#]: via: "https://opensource.com/article/20/10/learn-any-programming-language"
|
|
||||||
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
|
|
||||||
|
|
||||||
学习任何编程语言的 5 个步骤
|
|
||||||
======
|
|
||||||
只需一点编程经验,您就可以在几天内(有时更少)学习一种新语言。
|
|
||||||
![Learning to program][1]
|
|
||||||
|
|
||||||
有些人喜欢学习新的编程语言,也有一些人连学习一种都是可望不可即的事情。在本文中,我将向您展示如何像程序员一样思考,以便您可以自信地学习所需的任何编程语言。
|
|
||||||
|
|
||||||
事实上,一旦您学会了如何编程,您使用的语言就不再是一个障碍,而更像是一种形式。这只是教育家们倡导 [让孩子尽早学习编程][2] 的众多原因之一。不管他们的入门语言有多简单,这种编程的逻辑和儿童(或成人学习者)以后可能遇到的其他东西的逻辑有着相同之处。
|
|
||||||
|
|
||||||
只需有一点编程经验(您可以从 Opensource.com 上的任何一篇介绍性文章中获得),您就可以在几天内(有时更短)学习任何编程语言。这并不是魔法,现在您也必须要为此付出一些努力。诚然,学习一种语言每个的可用库,或者学习打包代码以及进行交付的细微差别,需要的时间远远不止几天。但是,就入门来说,比您想像中的要容易许多,剩下的则要通过不断练习来完成。
|
|
||||||
|
|
||||||
当有经验的程序员静下心来学习一门新的编程语言时,他们会寻找五样东西。只要您知道了这五件事,您就可以开始编码了。
|
|
||||||
|
|
||||||
### 1\. 语法
|
|
||||||
|
|
||||||
![Syntax][3]
|
|
||||||
|
|
||||||
(Seth Kenlon, [CC BY-SA 4.0][4])
|
|
||||||
|
|
||||||
语言的语法描述了代码的结构。这包括如何逐行编写代码,以及用于构造代码语句的实际单词。
|
|
||||||
|
|
||||||
例如,[Python][5] 因使用缩进来指示一个代码块在哪里结束以及另一代码块在哪里开始而闻名:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
while j < rows:
|
|
||||||
while k < columns:
|
|
||||||
tile = Tile(k * w)
|
|
||||||
board.add(tile)
|
|
||||||
k += 1
|
|
||||||
j += 1
|
|
||||||
k = 0
|
|
||||||
```
|
|
||||||
|
|
||||||
[Lua][6] 只是使用关键字 `end`:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
for i,obj in ipairs(hit) do
|
|
||||||
if obj.moving == 1 then
|
|
||||||
obj.x,obj.y = v.mouse.getPosition()
|
|
||||||
end
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
[Java][7], [C][8], C++, 和类似的编程语言使用花括号:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
while (std::getline(e,r)) {
|
|
||||||
wc++;
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
编程语言的语法还包括包括库、设置变量和终止行等内容。通过练习,您将学会在阅读示例代码时下意识地识别语法需求(和惯例)。
|
|
||||||
|
|
||||||
#### 实践
|
|
||||||
|
|
||||||
当学习一门新的编程语言时,要努力理解它的语法。您不需要去记住它,只需要知道如果忘记了以后去哪里看。使用好的 [IDE][9] 也很有帮助,因为很多 IDE 在出现语法错误时会提醒您。
|
|
||||||
|
|
||||||
### 2\. 内置函数和条件
|
|
||||||
|
|
||||||
![built-in words][10]
|
|
||||||
|
|
||||||
(Seth Kenlon, [CC BY-SA 4.0][4])
|
|
||||||
|
|
||||||
就像自然语言一样,编程语言可以识别的合法单词是有限的。这个词汇表可以使用其他库进行扩展,但是核心语言知道一组特定的关键字。大多数语言并没有您想的那么多关键字。即使在像 C 语言这样非常低级的语言中,也只有 32 个关键字,比如 `for`, `do`, `while`, `int`, `float`, `char`, `break` 等等。
|
|
||||||
|
|
||||||
了解了这些关键字,您就可以编写基本的表达式,也就是构建程序的代码块。许多内置的关键字能帮助您构建条件语句,这些条件语句影响整个程序的流程。例如,如果您想编写一个允许单击和拖动图标的程序,那么您的代码就必须检测用户的鼠标指针何时位于图标上。只有当鼠标光标位于图标外部边缘相同的坐标时,才执行导致使鼠标抓取图标的代码。这是一个经典的 if / then 语句,不同的语言可以用不同的方式表达。
|
|
||||||
|
|
||||||
Python 使用 `if`, `elif `和 `else` 的组合来实现条件语句,但是并不显式的关闭语句:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
if var == 1:
|
|
||||||
# action
|
|
||||||
elif var == 2:
|
|
||||||
# some action
|
|
||||||
else:
|
|
||||||
# some other action
|
|
||||||
```
|
|
||||||
|
|
||||||
[Bash][11] 使用 `if`, `elif`, `else`, 并且使用 `fi` 来结束语句:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
if [ "$var" = "foo" ]; then
|
|
||||||
# action
|
|
||||||
elif [ "$var" = "bar" ]; then
|
|
||||||
# some action
|
|
||||||
else
|
|
||||||
# some other action
|
|
||||||
fi
|
|
||||||
```
|
|
||||||
|
|
||||||
然而 C 和 Java, 使用 `if`, `else` 和 `else if`, 用花括号把它们括起来:
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
if (boolean) {
|
|
||||||
// action
|
|
||||||
} else if (boolean) {
|
|
||||||
// some action
|
|
||||||
} else {
|
|
||||||
// some other action
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
各种编程语言虽然在关键字的选择和语法上有细微的变化,但基本是相同的。学习如何在编程语言中定义条件语句,包括 `if/then`, `do...while` 和 `case` 语句。
|
|
||||||
|
|
||||||
#### 实践
|
|
||||||
|
|
||||||
要去熟悉编程语言能够理解的关键字集。在实践中,您的代码将不仅仅包含一种语言的关键字。可以肯定的是,有许多库中包含一些简单的函数,它们可以帮助您完成诸如将输出打印到屏幕或显示窗口之类的操作。然而,驱动这些库的逻辑始于编程语言的内置关键字。
|
|
||||||
|
|
||||||
### 3\. 数据类型
|
|
||||||
|
|
||||||
![Data types][12]
|
|
||||||
|
|
||||||
(Seth Kenlon, [CC BY-SA 4.0][4])
|
|
||||||
|
|
||||||
代码是用来处理数据的,因此您必须学习编程语言如何识别不同类型的数据。所有编程语言都能理解整数,大多数的语言能理解小数和单个字符 (a, b, c 等等)。它们通常被表示为 `int` , `float`,`double` 和 `char`, 当然,语言的内置词汇表会告诉您如何引用这些实体。
|
|
||||||
|
|
||||||
有时候,在编程语言中内置了一些额外的数据类型,也有时是通过引用库来启用复杂的数据类型。例如,Python 可以识别关键字为 `str` 的字符串,但是 C 语言的代码中必须包含 `string.h` 头文件才能实现字符串特性。
|
|
||||||
|
|
||||||
#### 实践
|
|
||||||
|
|
||||||
库可以为您的代码解锁所有类型的数据,但是学习编程语言中包含的基本数据类型是一个明智的起点。
|
|
||||||
|
|
||||||
### 4\. 运算符和解析器
|
|
||||||
|
|
||||||
![Operators][13]
|
|
||||||
|
|
||||||
(Seth Kenlon, [CC BY-SA 4.0][4])
|
|
||||||
|
|
||||||
一旦您理解了编程语言可处理的数据类型,就可以学习如何分析这些数据了。幸运的是,数学这门学科是相当稳定的,所以算数运算符在许多语言中通常是相同的(或至少非常相似)。例如,两个整数相加通常用 `+` 符号完成,而测试一个整数是否大于另一个整数通常用 `>` 符号完成。测试是否相等通常使用 `==` 来完成(是的,是两个等号,因为通常一个等号用来赋值)。
|
|
||||||
|
|
||||||
当然也有一些例外,比如像 Lisp 和 Bash 语言算数运算符就不是如此,但与其他语言一样,这只是一个音译的问题。一旦您了解了表达方式有何不同,很快就可以适应它。快速回顾一门编程语言的算数运算符通常足以让您了解算数操作是如何完成的。
|
|
||||||
|
|
||||||
您还需要知道如何比较和操作非数值数据,比如字符和字符串。这些通常是通过编程语言的核心库来进行的的。例如,Python 提供了 `split()` 方法,而 C 语言需要引入头文件 `string.h` 来提供 `strtok()` 函数。
|
|
||||||
|
|
||||||
#### 实践
|
|
||||||
|
|
||||||
了解用于处理基本数据类型的基本函数和关键字,并寻找可帮助您完成复杂操作的核心库。
|
|
||||||
|
|
||||||
### 5\. 函数
|
|
||||||
|
|
||||||
![Class][14]
|
|
||||||
|
|
||||||
(Seth Kenlon, [CC BY-SA 4.0][4])
|
|
||||||
|
|
||||||
代码不只是计算机的待办清单。通常情况下,在编写代码时您往往希望向计算机提供一组理论条件和一组操作指令,当满足每个条件时计算机就会采取这些操作。尽管使用条件语句以及数学和逻辑运算符进行流控制可以做很多事情,但是引入了函数和类之后,代码会变得更加高效,因为它们使您可以定义子程序。 例如,如果应用程序需要非常频繁地确认一个对话框,那么将其作为类的实例编写一次要比每次需要它时重新编写实现起来要容易得多。
|
|
||||||
|
|
||||||
您需要学习如何在编程语言中定义类和函数。更准确地说,您首先需要了解编程语言中是否支持类和函数。大多数现代语言都支持函数,但是类是面向对象的编程语言中所特有的。
|
|
||||||
|
|
||||||
#### 实践
|
|
||||||
|
|
||||||
学习语言中可用的结构,这些结构可以帮助您高效地编写和使用代码。
|
|
||||||
|
|
||||||
### 您可以学到任何东西
|
|
||||||
|
|
||||||
学习编程语言,就其本身而言,是一种编码过程中的子程序。一旦理解了代码如何工作,您所使用的语言就只是一种传递逻辑的媒介。学习一门新语言的过程几乎都是一样的:通过简单的练习来学习语法,通过学习词汇来积累进行复杂动作的能力,然后练习、练习、再练习。
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: https://opensource.com/article/20/10/learn-any-programming-language
|
|
||||||
|
|
||||||
作者:[Seth Kenlon][a]
|
|
||||||
选题:[lujun9972][b]
|
|
||||||
译者:[xiao-song-123](https://github.com/xiao-song-123)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]: https://opensource.com/users/seth
|
|
||||||
[b]: https://github.com/lujun9972
|
|
||||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/learn-programming-code-keyboard.png?itok=xaLyptT4 "Learning to program"
|
|
||||||
[2]: https://opensource.com/article/20/9/scratch
|
|
||||||
[3]: https://opensource.com/sites/default/files/uploads/syntax_0.png "Syntax"
|
|
||||||
[4]: https://creativecommons.org/licenses/by-sa/4.0/
|
|
||||||
[5]: https://opensource.com/downloads/cheat-sheet-python-37-beginners
|
|
||||||
[6]: https://opensource.com/article/20/2/lua-cheat-sheet
|
|
||||||
[7]: https://opensource.com/downloads/java-cheat-sheet
|
|
||||||
[8]: https://opensource.com/downloads/c-programming-cheat-sheet
|
|
||||||
[9]: https://opensource.com/resources/what-ide
|
|
||||||
[10]: https://opensource.com/sites/default/files/uploads/builtin.png "built-in words"
|
|
||||||
[11]: https://opensource.com/downloads/bash-cheat-sheet
|
|
||||||
[12]: https://opensource.com/sites/default/files/uploads/type.png "Data types"
|
|
||||||
[13]: https://opensource.com/sites/default/files/uploads/operator.png "Operators"
|
|
||||||
[14]: https://opensource.com/sites/default/files/uploads/class.png "Class"
|
|
@ -0,0 +1,271 @@
|
|||||||
|
[#]: collector: (lujun9972)
|
||||||
|
[#]: translator: (geekpi)
|
||||||
|
[#]: reviewer: ( )
|
||||||
|
[#]: publisher: ( )
|
||||||
|
[#]: url: ( )
|
||||||
|
[#]: subject: (Unlock encrypted disks on Linux automatically)
|
||||||
|
[#]: via: (https://opensource.com/article/20/11/nbde-linux)
|
||||||
|
[#]: author: (Curt Warfield https://opensource.com/users/rcurtiswarfield)
|
||||||
|
|
||||||
|
自动解锁 Linux 上的加密磁盘
|
||||||
|
======
|
||||||
|
通过使用网络绑定磁盘加密 (NBDE),无需手动输入密码即可打开加密磁盘。
|
||||||
|
![Lock][1]
|
||||||
|
|
||||||
|
从安全的角度来看,对敏感数据进行加密以保护其免受窥探和黑客的攻击是很重要的。Linux 统一密钥设置([LUKS][2])是一个很好的工具,也是 Linux 磁盘加密的通用标准。因为它将所有相关的设置信息存储在分区头中,所以它使数据迁移变得简单。
|
||||||
|
|
||||||
|
要使用 LUKS 配置加密磁盘或分区,你需要使用 [cryptsetup][3] 工具。不幸的是,加密磁盘的一个缺点是,每次系统重启或磁盘重新挂载时,你都必须手动提供密码。
|
||||||
|
|
||||||
|
然而,网络绑定磁盘加密 (NBDE) 可以在没有任何用户干预的情况下自动安全地解锁加密磁盘。它可以在一些 Linux 发行版中使用,从 Red Hat Enterprise Linux 7.4、CentOS 7.4 和 Fedora 24 开始,以及之后的后续版本。
|
||||||
|
|
||||||
|
NBDE 采用以下技术实现:
|
||||||
|
|
||||||
|
* **[Clevis 框架][4]:**一个可插拔的框架工具,可自动解密和解锁 LUKS 卷
|
||||||
|
* **[Tang 服务器][5]:**用于将加密密钥绑定到网络状态的服务
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Tang 向 Clevis 客户端提供加密密钥。 据 Tang 的开发人员介绍,这为密钥托管服务提供了一个安全、无状态、匿名的替代方案。
|
||||||
|
|
||||||
|
由于 NBDE 使用客户端-服务器架构,你必须同时配置客户端和服务器。你可以在你的本地网络上使用一个虚拟机作为 Tang 服务器。
|
||||||
|
|
||||||
|
### 服务器安装
|
||||||
|
|
||||||
|
用 sudo 安装 Tang:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo yum install tang -y`
|
||||||
|
```
|
||||||
|
|
||||||
|
启用 Tang 服务器:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo systemctl enable tangd.socket --now`
|
||||||
|
```
|
||||||
|
|
||||||
|
Tang 服务器工作在 80 端口,且必须加入 firewalld。 添加相应的 firewalld 规则:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo firewall-cmd --add-port=tcp/80 --perm
|
||||||
|
sudo firewall-cmd --reload
|
||||||
|
```
|
||||||
|
|
||||||
|
现在安装好了服务器。
|
||||||
|
|
||||||
|
### 客户端安装
|
||||||
|
|
||||||
|
在本例中,假设你已经添加了一个名为 `/dev/vdc` 的新的 1GB 磁盘到你的系统中。
|
||||||
|
|
||||||
|
使用 fdisk 或 parted 创建主分区:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo fdisk /dev/vdc
|
||||||
|
```
|
||||||
|
|
||||||
|
完成以下步骤来安装客户端。
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
Welcome to fdisk (util-linux 2.23.2).
|
||||||
|
|
||||||
|
Changes will remain in memory only, until you decide to write them.
|
||||||
|
Be careful before using the write command.
|
||||||
|
|
||||||
|
Device does not contain a recognized partition table
|
||||||
|
Building a new DOS disklabel with disk identifier 0x4a6812d4.
|
||||||
|
|
||||||
|
Command (m for help):
|
||||||
|
```
|
||||||
|
|
||||||
|
输入 **n** 来创建新的分区:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
Partition type:
|
||||||
|
p primary (0 primary, 0 extended, 4 free)
|
||||||
|
e extended
|
||||||
|
Select (default p):
|
||||||
|
```
|
||||||
|
|
||||||
|
按下**回车**键选择主分区:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
Using default response p
|
||||||
|
Partition number (1-4, default 1):
|
||||||
|
```
|
||||||
|
|
||||||
|
按下**回车**键选择默认分区号:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
First sector (2048-2097151, default 2048):
|
||||||
|
Using default value 2048
|
||||||
|
Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151):
|
||||||
|
```
|
||||||
|
|
||||||
|
按**回车**键选择最后一个扇区:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
Using default value 2097151
|
||||||
|
Partition 1 of type Linux and of size 1023 MiB is set
|
||||||
|
|
||||||
|
Command (m for help): wq
|
||||||
|
```
|
||||||
|
|
||||||
|
输入 **wq** 保存更改并退出 fdisk:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
The partition table has been altered!
|
||||||
|
|
||||||
|
Calling ioctl() to re-read partition table.
|
||||||
|
Syncing disks.
|
||||||
|
```
|
||||||
|
|
||||||
|
运行 `partprobe` 通知系统分区表的变化:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo partprobe`
|
||||||
|
```
|
||||||
|
|
||||||
|
使用 sudo 安装 cryptsetup 软件包:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo yum install cryptsetup -y`
|
||||||
|
```
|
||||||
|
|
||||||
|
使用 `cryptsetup luksFormat` 命令对磁盘进行加密。当提示时,你需要输入 **YES**,并选择和输入密码来加密磁盘:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo cryptsetup luksFormat /dev/vdc1
|
||||||
|
WARNING!
|
||||||
|
========
|
||||||
|
This will overwrite data on /dev/vdc1 irrevocably.
|
||||||
|
|
||||||
|
Are you sure? (Type uppercase yes):
|
||||||
|
|
||||||
|
Enter passphrase for /dev/vdc1:
|
||||||
|
Verify passphrase:
|
||||||
|
```
|
||||||
|
|
||||||
|
使用 `cryptsetup luksOpen` 命令将加密的分区映射到一个逻辑设备上。例如,使用 `encryptedvdc1` 作为名称。你还需要再次输入密码:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo cryptsetup luksOpen /dev/vdc1 encryptedvdc1
|
||||||
|
Enter passphrase for /dev/vdc1:
|
||||||
|
```
|
||||||
|
|
||||||
|
加密分区现在在 `/dev/mapper/encryptedvdc1` 中可用。
|
||||||
|
|
||||||
|
在加密的分区上创建一个 XFS 文件系统:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo mkfs.xfs /dev/mapper/encryptedvdc1`
|
||||||
|
```
|
||||||
|
|
||||||
|
创建一个挂载加密分区的目录:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo mkdir /encrypted`
|
||||||
|
```
|
||||||
|
|
||||||
|
使用 `cryptsetup luksClose` 命令锁定分区:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`cryptsetup luksClose encryptedvdc1`
|
||||||
|
```
|
||||||
|
|
||||||
|
使用 sudo 安装 Clevis 软件包:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo yum install clevis clevis-luks clevis-dracut -y`
|
||||||
|
```
|
||||||
|
|
||||||
|
修改 /etc/crypttab,在启动时打开加密卷:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo vim /etc/crypttab`
|
||||||
|
```
|
||||||
|
|
||||||
|
增加以下一行:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`encryptedvdc1 /dev/vdc1 none _netdev`
|
||||||
|
```
|
||||||
|
|
||||||
|
修改 /etc/fstab,在重启时或启动时自动挂载加密卷:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo vim /etc/fstab`
|
||||||
|
```
|
||||||
|
|
||||||
|
增加以下一行:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`/dev/mapper/encryptedvdc1 /encrypted xfs _netdev 1 2`
|
||||||
|
```
|
||||||
|
|
||||||
|
在这个例子中,假设 Tang 服务器的 IP 地址是 `192.168.1.20`。如果你喜欢,也可以使用主机名或域名。
|
||||||
|
|
||||||
|
运行以下 `clevis` 命令:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo clevis bind luks -d /dev/vdc1 tang '{"url":"<http://192.168.1.20"}>'
|
||||||
|
The advertisement contains the following signing keys:
|
||||||
|
|
||||||
|
rwA2BAITfYLuyNiIeYUMBzkhk7M
|
||||||
|
|
||||||
|
Do you wish to trust these keys? [ynYN] Y
|
||||||
|
Enter existing LUKS password:
|
||||||
|
```
|
||||||
|
|
||||||
|
输入 **Y** 接受 Tang 服务器的密钥,并提供现有的 LUKS 密码进行初始设置。
|
||||||
|
|
||||||
|
通过 systemctl 启用 clevis-luks-askpass.path,以防止非 root 分区被提示输入密码。
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
`sudo systemctl enable clevis-luks-askpass.path`
|
||||||
|
```
|
||||||
|
|
||||||
|
客户端已经安装完毕。 现在,每当你重启服务器时,加密后的磁盘应该会自动解密,并通过 Tang 服务器取回密钥进行挂载。
|
||||||
|
|
||||||
|
如果 Tang 服务器因为任何原因不可用,你需要手动提供密码,才能解密和挂载分区。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://opensource.com/article/20/11/nbde-linux
|
||||||
|
|
||||||
|
作者:[Curt Warfield][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[geekpi](https://github.com/geekpi)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://opensource.com/users/rcurtiswarfield
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
|
||||||
|
[2]: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
|
||||||
|
[3]: https://gitlab.com/cryptsetup/cryptsetup
|
||||||
|
[4]: https://github.com/latchset/clevis
|
||||||
|
[5]: https://github.com/latchset/tang
|
Loading…
Reference in New Issue
Block a user