Pdf.belgeler.gen.tr

Sifrelenmi ¸s Kök Dosya Sistemi NASIL
Christophe Devine
Necdet Yücel
Bu belgede güçlü bir ¸sifreleme tekni ˘gi kullanarak Linux kök dosya sisteminizin ¸sifrelenmesiyle ki¸siselbilgilerinizin nasıl güvenli hale getirilece ˘gini anlatmaktadır.
Konu Ba ¸slıkları
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Sifrelenmi ¸s Kök Dosya Sistemi NASIL
Bu çevirinin sürüm bilgileri:
Özgün belgenin sürüm bilgileri:
LDP tarafından gözden geçirilen ilk sürüm.
Güncellendi ve DocBook XML biçimine dönü¸stürüldü.
Telif Hakkı 2003, 2004, 2005 Christophe Devine – Özgün belgeTelif Hakkı 2005 Necdet Yücel – Türkçe çeviri Yasal Açıklamalar
Sifrelenmi¸s Kök Dosya Sistemi NASIL 1.0 sürümünün telif hakkı 2005 Necdet
Yücel’e aittir. Bu belgeyi, Free Software Foundation tarafından yayınlanmı¸s bulunan GNU Özgür Bel-
geleme Lisansının 1.1 ya da daha sonraki sürümünün ko¸sullarına ba ˘glı kalarak kopyalayabilir, da ˘gıtabilir
ve/veya de ˘gi¸stirebilirsiniz. Bu Lisansın bir kopyasını (sayfa: 10) ba¸slıklı
bölümde bulabilirsiniz.
BU BELGE "ÜCRETS˙IZ" OLARAK RUHSATLANDI ˘ G˙I B˙ILG˙ILER ˙IÇ˙IN ˙ILG˙IL˙I KA- G˙I ÖLÇÜDE HERHANG˙I B˙IR GARANT˙I VER˙ILMEMEKTED˙IR. AKS˙I YAZILI G˙I MÜDDETÇE TEL˙IF HAKKI SAH˙IPLER˙I VE/VEYA BA ¸ S˙IKAR VEYA ZIMNEN, SATILAB˙IL˙IRL˙I ˘ GU DA DAH˙IL OLMAK ÜZERE H˙IÇB˙IR GARANT˙I VERMEKS˙IZ˙IN DA ˘ B˙ILG˙IN˙IN KAL˙ITES˙I ˙ILE ˙ILG˙IL˙I TÜM SORUNLAR S˙IZE A˙ITT˙IR. HERHANG˙I B˙IR HATALI B˙ILG˙IDENDOLAYI DO ˘ GAB˙ILECEK OLAN BÜTÜN SERV˙IS, TAM˙IR VEYA DÜZELTME MASRAFLARI S˙IZE A˙ITT˙IR.
˙ILG˙IL˙I KANUNUN ˙ICBAR ETT˙I ˘G˙I DURUMLAR VEYA YAZILI ANLA ¸SMA HAR˙IC˙INDE HERHANG˙I B˙IR SEK˙ILDE TEL˙IF HAKKI SAH˙IB˙I VEYA YUKARIDA ˙IZ˙IN VER˙ILD˙I ˘ S˙I, B˙ILG˙IN˙IN KULLANIMI VEYA KULLANILAMAMASI S HALE GELMES˙I, S˙IZ˙IN VEYA ÜÇÜNCÜ ¸ SKA B˙ILG˙ILERLE UYUMSUZ OLMASI) YÜZÜNDEN GRUDAN YA DA DOLAYLI HERHANG˙I B˙IR ZARARDAN, BÖYLE B˙IR TAZM˙INAT TALEB˙I TEL˙IF HAKKI SAH˙IB˙I VEYA ˙ILG˙IL˙I K˙I ¸ Tüm telif hakları aksi özellikle belirtilmedi ˘gi sürece sahibine aittir. Belge içinde geçen herhangi bir terim,bir ticari isim ya da kuruma itibar kazandırma olarak algılanmamalıdır. Bir ürün ya da markanın kullanılmı¸solması ona onay verildi ˘gi anlamında görülmemelidir.
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
1. Sistemin Hazırlanması
1.1. Bölümleme düzeninin hazırlanması
Sabit diskiniz (hda) en azından a¸sa ˘gıdaki üç bölümden olu¸smalıdır: • hda1: Bu küçük ¸sifrelenmemi¸s disk bölümü ¸sifrelenmi¸s kök dosya sistemini ba˘glayabilmeniz için gerekli • hda2: Bu bölüm ¸sifrelenmi¸s kök dosya sisteminiz olacak, yeterince büyük oldu˘gundan emin olun.
• hda3: Bu bölüm çalı¸san GNU/Linux sisteminizdir.
Bu a¸samada hda1 ve hda2 kullanılmamaktadır. hda3 ise kurulu Linux da ˘gıtımınızın bulundu ˘gu dizindir. /usrve /boot farklı disk bölümleri olmamalıdır. Bölümleme düzeniniz a¸sa ˘gıdaki örne ˘ge benzemelidir: # fdisk –l /dev/hda
Disk /dev/hda: 255 heads, 63 sectors, 2432 cylinders 1.2. Gerekli paketler
E ˘ger Debian kullanıyorsanız, a¸sa ˘gıdaki paketleri kurmak zorundasınız: # apt–get install gcc make libncurses5–dev patch bzip2 wget
Kopyala/yapı¸stır i¸slemlerini kolayla¸stırmak için ¸su paketleri de kursanız iyi olur: # apt–get install lynx gpm
1.3. Linux–2.4.29 çekirde ˘ginin kurulması
Çekirdekte geridönü¸s ¸sifreleme deste ˘gi veren iki temel proje bulunmaktadır: cryptoloop ve loop–AES. Bubelgede loop–AES temel alınmı¸stır. Bunu nedeni oldukça hızlı olması, Rijndael’in çevirici dilinde en iyi ¸sekildekullanılmı¸s hali olması ve IA–32 (x86) i¸slemcilerde en iyi performansı vermesidir. Bunun yanında cryptoloopile ilgili da vardır.
Öncelikle, loop–AES paketini indirin ve açın:: $ cd /usr/src
$ wget http://loop–aes.sourceforge.net/loop–AES/loop–AES–v3.0b.tar.bz2
$ tar –xvjf loop–AES–v3.0b.tar.bz2
Ardından çekirde ˘gin kaynak kodunu indirip yamayı uygulayın: $ wget http://ftp.kernel.org/pub/linux/kernel/v2.4/linux–2.4.29.tar.bz2
$ tar –xvjf linux–2.4.29.tar.bz2
$ cd linux–2.4.29
$ rm include/linux/loop.h drivers/block/loop.c
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
$ patch –Np1 –i ./loop–AES–v3.0b/kernel–2.4.28.diff
$ dumpkeys | loadkeys –m – > drivers/char/defkeymap.c
Çekirde ˘ginizi a¸sa ˘gıdaki seçenekleri de dahil ederek yapılandırın: $ make menuconfig
<*> Ext3 journalling file system support I: /dev dosya sistemi deste˘gini etkinle¸stirmeyin.) $ make dep bzImage
$ make modules
# make modules_install
# cp arch/i386/boot/bzImage /boot/vmlinuz
E ˘ger önyükleyici olarak grub kullanıyorsanız, /boot/grub/menu.lst veya /boot/grub/grub.conf
dosyasını güncelleyin:
# cat > /boot/grub/menu.lst << EOF
default 0
timeout 10
color green/black light–green/black
title Linux
root (hd0,2)
kernel /boot/vmlinuz ro root=/dev/hda3
Lilo kullanıyorsanız /etc/lilo.conf dosyasını güncelleyin ve lilo komutunu çalı¸stırın:
# cat > /etc/lilo.conf << EOF
lba32
boot=/dev/hda
prompt
timeout=60
image=/boot/vmlinuz
label=Linux
read–only
root=/dev/hda3
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
Artık sisteminizi yeniden ba¸slatabilirsiniz.
1.4. Linux–2.6.10 çekirde ˘ginin kurulması
Yukarıdaki i¸slemleri loop–aes’in kernel–2.6.10.diff yamasını kullanarak yerine getirin ve ginin etkin olmadı ˘gından emin olun. Modül deste ˘ginin module–init–tools paketine 1.5. Util–linux–2.12p paketinin kurulması
util–linux paketinin bir parçası olan losetup programının güçlü kriptografi deste ˘gine sahip olması için yaman-
ması ve yeniden derlenmesi gerekir. util–linux paketini indirip, açın ve yamayın:
$ cd /usr/src
$ wget http://ftp.kernel.org/pub/linux/utils/util–linux/util–linux–2.12p.tar.bz2
$ tar –xvjf util–linux–2.12p.tar.bz2
$ cd util–linux–2.12p
$ patch –Np1 –i ./loop–AES–v3.0b/util–linux–2.12p.diff
20 karakterden daha kısa parolalar kullanabilmek için a¸sa ˘gıdaki komutu girin: CFLAGS="–O2 –DLOOP_PASSWORD_MIN_LENGTH=8"; export CFLAGS Temel kaygınız güvenlik oldu ˘gundan lütfen 20 karakterden daha kısa parolaları girebilmeyi etkin yapmayın. Bilgigizlili ˘gi bedava de ˘gildir, uzun parolalar bunun ’bedeli’dir.
losetup’ı derleyin ve root olarak kurun:
$ ./configure && make lib mount
# mv –f /sbin/losetup /sbin/losetup˜
# rm –f /usr/share/man/man8/losetup.8*
# cd mount
# gzip losetup.8
# cp losetup /sbin
# cp losetup.8.gz /usr/share/man/man8/
# chattr +i /sbin/losetup
Sifrelenmi ¸s Kök Dosya Sisteminin Olu ¸sturulması
Hedef disk bölümünü rastgele veri ile doldurun: # shred –n 1 –v /dev/hda2
Sifrelenmi¸s geridönü¸s aygıtını ayarlayın: # losetup –e aes256 –S xxxxxx /dev/loop0 /dev/hda2
Sözlük ataklarından korunmak için –S xxxxxx seçene ˘gini eklemeniz tavsiye edilir. Burada "xxxxxx" rastgeleseçilmi¸s anahtar olmalıdır (örne ˘gin "gPk4lA" olabilir). Bu anahtarı unutmamak için bir ka ˘gıda yazmanız iyi olur.
Ayrıca önyükleme sırasında klavye sorunları ya¸samamak için parolanızda ASCII olmayan karakterleri kullan-mayın. sitesinde hatırlaması kolay ama güçlü parolalar hazırlanmasına yardımcı olunmaktadır Simdi ext3 dosya sistemini olu¸sturalım: # mke2fs –j /dev/loop0
Girdi ˘giniz parolanın do ˘grulu ˘gunu sınayın: Sifrelenmi ¸s Kök Dosya Sistemi NASIL
# losetup –d /dev/loop0
# losetup –e aes256 –S xxxxxx /dev/loop0 /dev/hda2
# mkdir /mnt/efs
# mount /dev/loop0 /mnt/efs
Sifrelenmi¸s ve çözülmü¸s verileri kar¸sıla¸stırabilirsiniz: # xxd /dev/hda2
# xxd /dev/loop0 | less
Artık ¸sifrelenmi¸s Linux sisteminizi kurmanın zamanı geldi. E ˘ger bir GNU/Linux da ˘gıtımı (Debian, Slackware,Gentoo, Mandrake, RedHat/Fedora, SuSE, gibi) kullanıyorsanız, a¸sa ˘gıdaki komutu çalı¸stırın: # cp –avx / /mnt/efs
E ˘ger Linux From Scratch kitabını takip ediyorsanız, a¸sa ˘gıdaki düzeltmelerle birlikte kitabı takibe devam edin: • Bölüm 6 – Util–linux paketinin kurulması: Kodları açtıktan sonra loop–AES yamasını uygulayın.
• Bölüm 8 – LFS sisteminin önyüklenebilir hale getirilmesi: Bir sonraki bölüme (Önyükleme Aygıtının Ayarlanması) bakın.
3. Önyükleme Aygıtının Ayarlanması
3.1. Ramdisk’in olu ¸sturulması
Ba¸slamak için, ¸sifrelenmi¸s disk bölümüne hapsolmalı (chroot) ve önyükleme aygıtı için ba ˘glama noktasını
olu¸sturmalısınız:
# chroot /mnt/efs
# mkdir /loader
Ardından, daha sonra ihtiyacınız olacak ba¸slangıç ramdisk’ini (initrd) olu¸sturun: # dd if=/dev/zero of=initrd bs=1k count=4096
# mke2fs –F initrd
# mkdir ramdisk
# mount –o loop initrd ramdisk
grsecurity kullanıyorsanız "Permission denied" hatasını alabilirsiniz. Bu durumda mount komutunu kafesin
(chroot) dı¸sında çalı¸stırmanız gerekir.
Dosya sistemi a ˘gacını olu¸sturun ve gerekli dosyaları içine kopyalayın: # mkdir ramdisk/{bin,dev,lib,mnt,sbin}
# cp /bin/{bash,mount} ramdisk/bin/
# ln –s bash ramdisk/bin/sh
# mknod –m 600 ramdisk/dev/console c 5 1
# mknod –m 600 ramdisk/dev/hda2
# mknod –m 600 ramdisk/dev/loop0
# cp /lib/{ld–linux.so.2,libc.so.6,libdl.so.2} ramdisk/lib/
# cp /lib/{libncurses.so.5,libtermcap.so.2}
ramdisk/lib/
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
# cp /sbin/{losetup,pivot_root} ramdisk/sbin/
E ˘ger "/lib/libncurses.so.5: No such file or directory" veya "/lib/libtermcap.so.2: No such file or directory" hata iletileri ile kar¸sıla¸sırsanız dert etmeyin; bash bu kütüphanelerden
sadece birine ihtiyaç duyar. Gerçekte hangisinin gerekli oldu ˘gunu ¸söyle kontrol edebilirsiniz: # ldd /bin/bash
Parolanızın çekirdek iletileri (usb aygıtlarının kaydedilmesi gibi) tarafından ta¸sırılmasını önlemek için a¸sa ˘gıdaki sleep programını derleyin.
# cat > sleep.c << "EOF"
#include <unistd.h>
#include <stdlib.h>
int main( int argc, char *argv[] )
{
if( argc == 2 )
sleep( atoi( argv[1] ) );
return( 0 );
# gcc –s sleep.c –o ramdisk/bin/sleep
# rm sleep.c
init beti ˘gini olu¸sturun:
# cat > ramdisk/sbin/init << "EOF"
#!/bin/sh
/bin/sleep 3
echo –n "Enter seed value: "
read SEED
/sbin/losetup –e aes256 –S $SEED /dev/loop0 /dev/hda2
/bin/mount –r –n –t ext3 /dev/loop0 /mnt
while [ $? –ne 0 ]
do
/sbin/losetup –d /dev/loop0
/sbin/losetup –e aes256 –S $SEED /dev/loop0 /dev/hda2
/bin/mount –r –n –t ext3 /dev/loop0 /mnt
cd /mnt
/sbin/pivot_root . loader
exec /usr/sbin/chroot . /sbin/init
EOF
# chmod 755 ramdisk/sbin/init
Geridönü¸s aygıtını dosya sesteminden ayırın ve initrd’yi sıkı¸stırın: # umount –d ramdisk
# rmdir ramdisk
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
# gzip initrd
# mv initrd.gz /boot/
3.2. CD–ROM’dan önyükleme yapılması
Sisteminizi CD–ROM gibi salt okunur bir ortamı kullanarak yüklemenizi öneririm.
$ wget http://ftp.kernel.org/pub/linux/utils/boot/syslinux/syslinux–3.07.tar.bz2
$ tar –xvjf syslinux–3.07.tar.bz2
# mkdir bootcd
# cp /boot/{vmlinuz,initrd.gz} syslinux–3.07/isolinux.bin bootcd
# echo "DEFAULT /vmlinuz initrd=initrd.gz ro root=/dev/ram0" > bootcd/isolinux.cfg
Yüklenebilir cd–rom e¸slemini olu¸sturun ve yakın: # mkisofs –o bootcd.iso –b isolinux.bin –c boot.cat \
–no–emul–boot –boot–load–size 4 –boot–info–table \
–J –hide–rr–moved –R bootcd
# cdrecord –dev 0,0,0 –speed 4 –v bootcd.iso
# rm –rf bootcd{,.iso}
3.3. Sabit disk bölümünden önyükleme yapılması
E ˘ger yükleme cd’nizi kaybederseniz sabit disk bölümünüz yükleme yapabilmeniz için elinizin altındadır. Hda1yazılabilir bir ortam oldu ˘gundan güvenilir olmadı ˘gını unutmayın ve ancak acil durumlarda kullanın! Ext2 dosya sistemini olu¸sturun ve ba ˘glayın: # dd if=/dev/zero of=/dev/hda1 bs=8192
# mke2fs /dev/hda1
# mount /dev/hda1 /loader
Çekirde ˘gi ve ba¸slangıç ramdisk’ini kopyalayın: # cp /boot/{vmlinuz,initrd.gz} /loader
grub kullanıyorsanız:
# mkdir /loader/boot
# cp –av /boot/grub /loader/boot/
# cat > /loader/boot/grub/menu.lst << EOF
default 0
timeout 10
color green/black light–green/black
title Linux
root (hd0,0)
kernel /vmlinuz ro root=/dev/ram0
initrd /initrd.gz
# grub–install ––root–directory=/loader /dev/hda
# umount /loader
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
lilo kullanıyorsanız:
# mkdir /loader/{boot,dev,etc}
# cp /boot/boot.b /loader/boot/
# mknod –m 600 /loader/dev/hda
# mknod –m 600 /loader/dev/hda1 b 3 1
# mknod –m 600 /loader/dev/hda2 b 3 2
# mknod –m 600 /loader/dev/hda3 b 3 3
# mknod –m 600 /loader/dev/hda4 b 3 4
# mknod –m 600 /loader/dev/ram0 b 1 0
# cat > /loader/etc/lilo.conf << EOF
lba32
boot=/dev/hda
prompt
timeout=60
image=/vmlinuz
label=Linux
initrd=/initrd.gz
read–only
root=/dev/ram0
# lilo –r /loader
# umount /loader
4. Son Adımlar
Kafesin içinde iken, /etc/fstab dosyasını a¸sa ˘gıdaki satırı içerecek ¸sekilde düzenleyin: /etc/mtab dosyasını silip kafesten çıkın. Son olarak, umount –d /mnt/efs komutunu çalı¸stırın
ve sisteminizi yeniden ba¸slatın. E ˘ger ters giden bir ¸sey olursa hala LILO: komut satırında Linux
root=/dev/hda3 yazarak sisteminizi ba¸slatabilirsiniz.
Her¸sey yolunda gitmi¸sse diskinizi yeniden bölümlendirerek hda4’ün yanı sıra hda3’ü de ¸sifreleyebilirsiniz.
A¸sa ˘gıdaki betiklerde hda3’ü takas alanı ve hda4’ü /home dizini oldu ˘gunu kabul ediyoruz. Önce bu iki diskbölümü ilklendirilmelidir: # shred –n 1 –v /dev/hda3
# shred –n 1 –v /dev/hda4
# losetup –e aes256 –S xxxxxx /dev/loop1 /dev/hda3
# losetup –e aes256 –S xxxxxx /dev/loop2 /dev/hda4
# mkswap /dev/loop1
# mke2fs –j /dev/loop2
Bir ba¸slatma beti ˘gi yazın ve fstab dosyasını güncelleyin: # cat > /etc/init.d/loop << "EOF"
#!/bin/sh
if [ "‘/usr/bin/md5sum /dev/hda1‘" != \
"5671cebdb3bed87c3b3c345f0101d016
/dev/hda1" ]
echo –n "WARNING! hda1 integrity verification FAILED – press enter."
read
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
echo "1st password chosen above" | \
/sbin/losetup –p 0 –e aes256 –S xxxxxx /dev/loop1 /dev/hda3
echo "2nd password chosen above" | \
/sbin/losetup –p 0 –e aes256 –S xxxxxx /dev/loop2 /dev/hda4
/sbin/swapon /dev/loop1
for i in ‘seq 0 63‘
do
echo –n –e "\33[10;10]\33[11;10]" > /dev/tty$i
# chmod 700 /etc/init.d/loop
# ln –s ./init.d/loop /etc/rcS.d/S00loop
# vi /etc/fstab
5. Belge Hakkında
Sifrelenmi¸s Kök Dosya Sistemi NASIL ilk olarak Kasım 2002’de projesi için yazıldı. O tari-hten itibaren bu belgeye katkıda bulunan birçok ki¸siye te¸sekkür etmek isterim (ters tarih sırasına göre):Micha Bor-rmann, Dennis Lemckert, Oleg Vyushin, Ellen Bokhorst, Daczi László, Gaetano Zappulla, Guillaume Lehmann,Claude Thomassin, Jean–Philippe Guérard, Luc Vo Van, Jacobus Brink, Ernesto Pérez Estévez, Matthew Ploes-sel, Mike Lorek, Lars Bungum, Michael Shields, Julien Perrot, Grant Stephenson, Cary W. Gilmer, James How-ells, Pedro Baez, Josh Purinton, Jari Ruusu and Zibeli Aton.
Bu NASIL belgesi farklı dillere tercüme edildi: Lütfen yorumlarınızı ’a gönderin.
GNU Free Documentation License
Copyright 2000,2001,2002 Free Software Foundation, Inc.
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
The purpose of this License is to make a manual, textbook, or other functional and useful document free inthe sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without Sifrelenmi ¸s Kök Dosya Sistemi NASIL
modifying it, either commercially or noncommercially. Secondarily, this License preserves for the authorand publisher a way to get credit for their work, while not being considered responsible for modificationsmade by others.
This License is a kind of "copyleft", which means that derivative works of the document must themselvesbe free in the same sense. It complements the GNU General Public License, which is a copyleft licensedesigned for free software.
We have designed this License in order to use it for manuals for free software, because free softwareneeds free documentation: a free program should come with manuals providing the same freedoms thatthe software does. But this License is not limited to software manuals; it can be used for any textual work,regardless of subject matter or whether it is published as a printed book. We recommend this Licenseprincipally for works whose purpose is instruction or reference.
This License applies to any manual or other work, in any medium, that contains a notice placed by thecopyright holder saying it can be distributed under the terms of this License. Such a notice grants a world–wide, royalty–free license, unlimited in duration, to use that work under the conditions stated herein. The"Document", below, refers to any such manual or work. Any member of the public is a licensee, and isaddressed as "you". You accept the license if you copy, modify or distribute the work in a way requiringpermission under copyright law.
A "Modified Version" of the Document means any work containing the Document or a portion of it, eithercopied verbatim, or with modifications and/or translated into another language.
A "Secondary Section" is a named appendix or a front–matter section of the Document that deals exclu-sively with the relationship of the publishers or authors of the Document to the Document’s overall subject(or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if theDocument is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.)The relationship could be a matter of historical connection with the subject or with related matters, or oflegal, commercial, philosophical, ethical or political position regarding them.
The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those ofInvariant Sections, in the notice that says that the Document is released under this License. If a sectiondoes not fit the above definition of Secondary then it is not allowed to be designated as Invariant. TheDocument may contain zero Invariant Sections. If the Document does not identify any Invariant Sectionsthen there are none.
The "Cover Texts" are certain short passages of text that are listed, as Front–Cover Texts or Back–CoverTexts, in the notice that says that the Document is released under this License. A Front–Cover Text maybe at most 5 words, and a Back–Cover Text may be at most 25 words.
A "Transparent" copy of the Document means a machine–readable copy, represented in a format whosespecification is available to the general public, that is suitable for revising the document straightforwardlywith generic text editors or (for images composed of pixels) generic paint programs or (for drawings) somewidely available drawing editor, and that is suitable for input to text formatters or for automatic translationto a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent fileformat whose markup, or absence of markup, has been arranged to thwart or discourage subsequentmodification by readers is not Transparent. An image format is not Transparent if used for any substantialamount of text. A copy that is not "Transparent" is called "Opaque".
Examples of suitable formats for Transparent copies include plain ascii without markup, Texinfo inputformat, LaTeX input format, SGML or XML using a publicly available DTD, and standard–conforming simple Sifrelenmi ¸s Kök Dosya Sistemi NASIL
HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generallyavailable, and the machine–generated HTML, PostScript or PDF produced by some word processors foroutput purposes only.
The "Title Page" means, for a printed book, the title page itself, plus such following pages as are neededto hold, legibly, the material this License requires to appear in the title page. For works in formats whichdo not have any title page as such, "Title Page" means the text near the most prominent appearance ofthe work’s title, preceding the beginning of the body of the text.
A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ orcontains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands fora specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements",or "History".) To "Preserve the Title" of such a section when you modify the Document means that itremains a section "Entitled XYZ" according to this definition.
The Document may include Warranty Disclaimers next to the notice which states that this License appliesto the Document. These Warranty Disclaimers are considered to be included by reference in this License,but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers mayhave is void and has no effect on the meaning of this License.
You may copy and distribute the Document in any medium, either commercially or noncommercially,provided that this License, the copyright notices, and the license notice saying this License applies to theDocument are reproduced in all copies, and that you add no other conditions whatsoever to those of thisLicense. You may not use technical measures to obstruct or control the reading or further copying of thecopies you make or distribute. However, you may accept compensation in exchange for copies. If youdistribute a large enough number of copies you must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly display copies.
If you publish printed copies (or copies in media that commonly have printed covers) of the Document,numbering more than 100, and the Document’s license notice requires Cover Texts, you must enclosethe copies in covers that carry, clearly and legibly, all these Cover Texts: Front–Cover Texts on the frontcover, and Back–Cover Texts on the back cover. Both covers must also clearly and legibly identify you asthe publisher of these copies. The front cover must present the full title with all words of the title equallyprominent and visible. You may add other material on the covers in addition. Copying with changes limitedto the covers, as long as they preserve the title of the Document and satisfy these conditions, can betreated as verbatim copying in other respects.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (asmany as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
If you publish or distribute Opaque copies of the Document numbering more than 100, you must eitherinclude a machine–readable Transparent copy along with each Opaque copy, or state in or with eachOpaque copy a computer–network location from which the general network–using public has access todownload using public–standard network protocols a complete Transparent copy of the Document, freeof added material. If you use the latter option, you must take reasonably prudent steps, when you begindistribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible Sifrelenmi ¸s Kök Dosya Sistemi NASIL
at the stated location until at least one year after the last time you distribute an Opaque copy (directly orthrough your agents or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before redistributing anylarge number of copies, to give them a chance to provide you with an updated version of the Document.
You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and3 above, provided that you release the Modified Version under precisely this License, with the ModifiedVersion filling the role of the Document, thus licensing distribution and modification of the Modified Versionto whoever possesses a copy of it. In addition, you must do these things in the Modified Version: A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of theDocument). You may use the same title as a previous version if the original publisher of that versiongives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of theDocument (all of its principal authors, if it has fewer than five), unless they release you from thisrequirement.
C. State on the Title page the name of the publisher of the Modified Version, as the publisher.
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in H. Include an unaltered copy of this License.
I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is nosection Entitled "History" in the Document, create one stating the title, year, authors, and publisherof the Document as given on its Title Page, then add an item describing the Modified Version asstated in the previous sentence.
J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions itwas based on. These may be placed in the "History" section. You may omit a network location for awork that was published at least four years before the Document itself, or if the original publisher ofthe version it refers to gives permission.
K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgementsand/or dedications given therein.
L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant O. Preserve any Warranty Disclaimers.
If the Modified Version includes new front–matter sections or appendices that qualify as Secondary Sec-tions and contain no material copied from the Document, you may at your option designate some or allof these sections as invariant. To do this, add their titles to the list of Invariant Sections in the ModifiedVersion’s license notice. These titles must be distinct from any other section titles.
You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of yourModified Version by various parties—-for example, statements of peer review or that the text has beenapproved by an organization as the authoritative definition of a standard.
You may add a passage of up to five words as a Front–Cover Text, and a passage of up to 25 words asa Back–Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage ofFront–Cover Text and one of Back–Cover Text may be added by (or through arrangements made by) anyone entity. If the Document already includes a cover text for the same cover, previously added by you orby arrangement made by the same entity you are acting on behalf of, you may not add another; but youmay replace the old one, on explicit permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission to use their namesfor publicity for or to assert or imply endorsement of any Modified Version.
You may combine the Document with other documents released under this License, under the termsdefined in section 4 above for modified versions, provided that you include in the combination all of theInvariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections ofyour combined work in its license notice, and that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and multiple identical Invariant Sectionsmay be replaced with a single copy. If there are multiple Invariant Sections with the same name but differentcontents, make the title of each such section unique by adding at the end of it, in parentheses, the nameof the original author or publisher of that section if known, or else a unique number. Make the sameadjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.
In the combination, you must combine any sections Entitled "History" in the various original documents,forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", andany sections Entitled "Dedications". You must delete all sections Entitled "Endorsements." You may make a collection consisting of the Document and other documents released under this License,and replace the individual copies of this License in the various documents with a single copy that isincluded in the collection, provided that you follow the rules of this License for verbatim copying of eachof the documents in all other respects.
You may extract a single document from such a collection, and distribute it individually under this License,provided you insert a copy of this License into the extracted document, and follow this License in all otherrespects regarding verbatim copying of that document.
Sifrelenmi ¸s Kök Dosya Sistemi NASIL
A compilation of the Document or its derivatives with other separate and independent documents or works,in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting fromthe compilation is not used to limit the legal rights of the compilation’s users beyond what the individualworks permit. When the Document is included an aggregate, this License does not apply to the otherworks in the aggregate which are not themselves derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if theDocument is less than one half of the entire aggregate, the Document’s Cover Texts may be placedon covers that bracket the Document within the aggregate, or the electronic equivalent of covers if theDocument is in electronic form. Otherwise they must appear on printed covers that bracket the wholeaggregate.
Translation is considered a kind of modification, so you may distribute translations of the Document underthe terms of section 4. Replacing Invariant Sections with translations requires special permission fromtheir copyright holders, but you may include translations of some or all Invariant Sections in addition tothe original versions of these Invariant Sections. You may include a translation of this License, and all thelicense notices in the Document, and any Warranty Disclaimers, provided that you also include the originalEnglish version of this License and the original versions of those notices and disclaimers. In case of adisagreement between the translation and the original version of this License or a notice or disclaimer,the original version will prevail.
If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement(section 4) to Preserve its Title (section 1) will typically require changing the actual title.
You may not copy, modify, sublicense, or distribute the Document except as expressly provided for underthis License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and willautomatically terminate your rights under this License. However, parties who have received copies, orrights, from you under this License will not have their licenses terminated so long as such parties remainin full compliance.
The Free Software Foundation may publish new, revised versions of the GNU Free Documentation Licensefrom time to time. Such new versions will be similar in spirit to the present version, but may differ in detailto address new problems or concerns. See http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing version number. If the Document specifies that aparticular numbered version of this License "or any later version" applies to it, you have the option offollowing the terms and conditions either of that specified version or of any later version that has beenpublished (not as a draft) by the Free Software Foundation. If the Document does not specify a versionnumber of this License, you may choose any version ever published (not as a draft) by the Free SoftwareFoundation.
ADDENDUM: How to use this License for your documents
To use this License in a document you have written, include a copy of the License in the document and put thefollowing copyright and license notices just after the title page: Permission is granted to copy, distribute and/or modify this document Sifrelenmi ¸s Kök Dosya Sistemi NASIL
under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front—Cover Texts, and no Back—Cover Texts.
A copy of the license is included in the section entitled “GNU If you have Invariant Sections, Front–Cover Texts and Back–Cover Texts, replace the "with.Texts." line with this: with the Invariant Sections being list their titles, withthe Front—Cover Texts being list, and with the Back—Cover Textsbeing list.
If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those twoalternatives to suit the situation.
If your document contains nontrivial examples of program code, we recommend releasing these examples inparallel under your choice of free software license, such as the GNU General Public License, to permit their usein free software.
Belge içinde dipnotlar ve dı¸s ba ˘glantılar varsa, bunlarla ilgili bilgiler bulundukları sayfanın sonunda dipnot olarakverilmeyip, hepsi toplu olarak burada listelenmi¸s olacaktır.
Bu dosya (encrypted–rootfs–howto.pdf), belgenin XML biçi-minin TEXLive ve belgeler-xsl paketlerindeki araçlar kul-lanılarak PDF biçimine dönü¸stürülmesiyle elde edilmi¸stir.

Source: http://pdf.belgeler.gen.tr/howto/encrypted-rootfs-howto.pdf