The process was mostly easy and rewarding.  One funny quirk: osm2pgsql can’t do password authentication to the database, so it’s most convenient to use a passwordless account.  Mapnik, on the other hand, appears to choke if it is given an empty password string, so you need to add a password to the account once you get to the Mapnik stage.

Karmic Koala, the latest release of Ubuntu, made it really easy for new installs to use encryption for home directories.  However, for users who upgraded from previous releases (Jaunty Jackalope, Intrepid Ibex, etc), the process to encrypt an existing home directory is not so obvious.  Here’s one way to do it.

You’ll need enough free space for two copies of your entire home directory. If you don’t have that, first move your existing home directory onto external media, and modify these instructions as appropriate.

First, log out of your normal account, which we’ll term myrealusername. Login as root. Create a new, temporary user, using the –encrypt-home flag to adduser.  Use the same password as your current user account.

When you ran ‘adduser’, it created two important directories: /home/.ecryptfs/tmpuser/.Private and /home/.ecryptfs/tmpuser/.ecryptfs. These are both symlinked into a skeleton home directory at /home/tmpuser. I say skeleton here, because the directory so created is only ever visible when ‘tmpuser’ is logged out. Once ‘tmpuser’ is logged in, the contents of /home/.ecryptfs/tmpuser/.Private are decrypted and mounted on top of /home/tmpuser. We want the same thing to happen for myrealusername. Before we put the skeleton directory in place, however, we want to move your existing, unencrypted home aside. That way when you log in with an encrypted home it isn’t hidden and we’re able to copy files into your new, encrypted home.

Now you want to copy these skeleton files to /home/.ecryptfs/myrealusername and change the ownership:

You also need to edit a mount description file which still refers to ‘tmpuser’:

Just for good measure we’ll copy the two informational symlinks from the skeleton directory. These are handy because if they show up when you’re logged in, you know something went wrong and you’re not accessing your encrypted home dir.

At this point, you’re ready to log in as myrealusername. Go ahead. I’ll wait.

Got it? You should have a mostly empty home directory. If you have a file named Access-Your-Private-Data.desktop, something went wrong.

If all’s well, copy your original home directory into the new, encrypted home directory. It’s best to do this as root, on the off chance you have some files in your home dir which you don’t own, but want to preserve exactly. You may be tempted to do this as an ‘mv’ if you’re low on disk space. That should work just the same, but it won’t actually unlink the original until *everything* is copied, meaning you still need enough space for two copies of your home dir. In a pinch you could move one subdirectory at a time, which means you don’t need as much spare space.

Note the trailing slashes on the rsync – those are important.

Bingo! Your home directory is now encrypted. Once you’re satisfied that everything is there, don’t forget to remove your original, unencrypted home. To be tidy you may want to delete the ‘tmpuser’ account too.

Dojo Shrinksafe – http://dojotoolkit.org/docs/shrinksafe

YUI Compressor – http://www.julienlecomte.net/yuicompressor/

JavaScript Obfuscator by Stunnix – http://www.stunnix.com/prod/jo/

JSMin – http://www.crockford.com/javascript/jsmin.html

Packer- http://dean.edwards.name/packer/

So far I’ve tried Shrinksafe and YUI Compressor.  I couldn’t get Shrinksafe to produce any output, even though it seemed to be parsing my JS since it threw errors when I had something wrong.

YUI compressor ran on my input JS and produced output, but it had a couple of problems.  Backslash-escaped strings get unescaped from the output.  For instance,

alert("two \n lines");

Becomes:

alert("two
 lines");

Also, it seemed to have trouble with "else if (...) {" constructs, turning them into "else{if(...){".