LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-23-2015, 02:10 AM   #1
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Rep: Reputation: Disabled
Debian custom encrypted LVM install - Impossible to achieve


Hi there!

After my NVIDIA card died I decided it was time to buy an AMD card again (R9 270X), but I didn't think AMD drivers were such a pain in Linux as people said. Of course, in some distros anyway. On Arch, for example, there's no official release because Arch's developers would have to hold Xorg in order to make a closed-source driver available, because AMD's pace isn't in pair with Linux. So in order to install AMD's drivers on Arch I must rely on some guy's unnoficial repositories, but that isn't the whole problem. Even though I'm cool with adding repos and downgrading Xorg, I'm not cool with it not working for a lot of apps, so that's where I decided to try a few distros. Manjaro is a no-go because it installs Flash as default. openSUSE although is a very good distro, is a complete mess when it comes to repositories, specially multimedia ones. Ubuntu/Mint are also a no-go, Ubuntu because after 12.04 they have a spyware by default, and Mint because it contains non-free stuff by default.

So here I come! I ran Debian in the past for a long time (aside from a breaf period last year) and it was lovely, I could easily set up a custom encrypted install, but now I don't remember how to, and it's killing me. I don't like how the installer doesn't show the partitions size as they actually are, and I don't like how the automated encrypted LVM setup doesn't let me chose the encryption algorithm or the timeframe between each passphrase attempt. That's why I must create my install, and here's what I used to do on Arch (the part that really matters), converted to what I use on Debian:

Code:
# modprobe dm-mod
(create one 1GB partition for /boot, unencrypted ; create another big 930 GB formatted as "8e" - LVM - on dev/sda2)
Code:
# fdisk /dev/sda
(chose my ciphers and iter time)
Code:
# cryptsetup -c twofish-xts-plain64 -y-s 512 --iter-time 5000 luksFormat /dev/sda2
(open the luks container on "sda2_crypt")
Code:
# cryptsetup open --type luks /dev/sda2 sda2_crypt
(create physical volume on sda2_crypt)
Code:
# pvcreate /dev/mapper/sda2_crypt
(create volume group "debian" on sda2_crypt)
Code:
# vgcreate debian /dev/mapper/sda2_crypt
(create volumes)
Code:
# lvcreate -L 8G system -n root
# lvcreate -L 60G system -n swap
# lvcreate -l 100%FREE system -n home
After this is done, I go to the "partition disks" page where I select each partition/volume to it's correct destination. I then procceed to installing the base system, configuring apt, and all that. Now, before I install Grub I used to execute the following commands on shell:

Code:
 # nano /etc/crypttab
I used to put something there, but I don't remember what exactly. It's been a long time since I used Debian for long! But here's what I put there:

Code:
sda2_crypt /dev/mapper/sda2_crypt none luks
Then I procceeded to instal syslinux (I REALLY don't like GRUB)

Code:
# chroot /target
# apt-get install syslinux
But I get the following error:

Quote:
E: cannot write log (Is /dev/pts mounted?) - posix_openpt (2: No such file or directory).
I'm assuming this is just a non-critical error. But this is not the problem, the problem is when I try to install syslinux:

Code:
# syslinux-install_update -i -a -m
The output:

Quote:
/bin/sh: 2: syslinux-install_update: not found
Then I type "syslinux --help":

Code:
# syslinux -h
Quote:
Usage: syslinux [options] device
--offset -t Offset of the file system on the device
--directory -d Directory for the installation target
--install -i Install over the corrent bootsector
--update -U Update a previous installation
--zip -z Force zipdrive geometry (-H 64 -S 32)
--sectors=# -S Force the number of sectors per track
--heads=# -H Force number of heads
--stupid -s Slow, safe and stupid mode
--raid -r Fall back to the next device on boot failure
--once=... Execute a command once upon boot
--clear-once -O Clear the boot-once command
--reset-adv Reset auxilliary data
--menu-save= -M Set the label to select as default on next boot
--force -f Ignore precautions
I tried literaly every possible combination that would make sense in Arch and yet I can't install it. The Debian documentation on syslinux doesn't help at all, and the Arch's Wiki on Syslinux... well, tells how to make it work on Arch It used to work the same way on Debian, but now it doesn't.

Here's a little list of the errors I get:

Code:
# syslinux -i -U
Quote:
Usage: syslinux [options] device
--offset -t Offset of the file system on the device
--directory -d Directory for the installation target
--install -i Install over the corrent bootsector
--update -U Update a previous installation
--zip -z Force zipdrive geometry (-H 64 -S 32)
--sectors=# -S Force the number of sectors per track
--heads=# -H Force number of heads
--stupid -s Slow, safe and stupid mode
--raid -r Fall back to the next device on boot failure
--once=... Execute a command once upon boot
--clear-once -O Clear the boot-once command
--reset-adv Reset auxilliary data
--menu-save= -M Set the label to select as default on next boot
--force -f Ignore precautions
Code:
#syslinux --install --update
Quote:
Usage: syslinux [options] device
--offset -t Offset of the file system on the device
--directory -d Directory for the installation target
--install -i Install over the corrent bootsector
--update -U Update a previous installation
--zip -z Force zipdrive geometry (-H 64 -S 32)
--sectors=# -S Force the number of sectors per track
--heads=# -H Force number of heads
--stupid -s Slow, safe and stupid mode
--raid -r Fall back to the next device on boot failure
--once=... Execute a command once upon boot
--clear-once -O Clear the boot-once command
--reset-adv Reset auxilliary data
--menu-save= -M Set the label to select as default on next boot
--force -f Ignore precautions
Code:
# syslinux --install --update -i -a -m
Quote:
Usage: syslinux [options] device
--offset -t Offset of the file system on the device
--directory -d Directory for the installation target
--install -i Install over the corrent bootsector
--update -U Update a previous installation
--zip -z Force zipdrive geometry (-H 64 -S 32)
--sectors=# -S Force the number of sectors per track
--heads=# -H Force number of heads
--stupid -s Slow, safe and stupid mode
--raid -r Fall back to the next device on boot failure
--once=... Execute a command once upon boot
--clear-once -O Clear the boot-once command
--reset-adv Reset auxilliary data
--menu-save= -M Set the label to select as default on next boot
--force -f Ignore precautions
Oh, and also users are still not able to press TAB to get the full command without typing it? And we can't even press the up arrow key that we get "^[[A"? :P Whaat?

What am I doing wrong?

I'm really not with the time to mess with these kinds of things, so either I figure this out REAL SOON or I'll be forced to get back to Windows

Last edited by Amarildo; 03-24-2015 at 05:19 PM. Reason: Solved
 
Old 03-23-2015, 02:21 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,831
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
Pretty hostile subject line you've posted with this thread. It's interesting you complain about certain distros having non-free software when the software you're trying to configure is not free. I find it even more odd that you claim you'll go back to Windows if you can't get this working. Which, by the way, is completely non-free (both in freedom and price). Very odd priorities indeed. Personally I use KUbuntu. It contains non-free software but I don't have the same configuration gripes. Stuff just works for me. You should re-evaluate how you ask this question. It seems you've tried a lot and put work into it. It'd be a shame to limit the responses because of how you conveyed your question.

I nearly just skipped this thread entirely because of the subject alone.
 
Old 03-23-2015, 02:31 AM   #3
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Yeah, I'm kind of going nuts here. I've been using Linux since 2006, but only with NVIDIA video cards. Now with AMD my life is being hell. In the near past I did have the time to tinker and tweak everything I wanted -that's how I got on Arch on the first place. But right now I just need something that works the way I wanted, and all these distro's, except Debian, are pretty much gone for me, for the time being. I've been encrypting my harddrives this way for years now and it's really hard to do it differently just because one distro doesn't allow us to easily configure it the way we want.

And don't get me wrong, I HATE Windows and closed-source software, but I really will have no choice if I can't figure this out in the next couple of days.

I'm changing the topic's title, after re-reading it I can see how it looks. I do, however, ask for a little comprehension because I've been trying to do this for a few weeks and I'm running out of time. Not to mention it's 3AM, I'm not really thinking straight.
 
Old 03-23-2015, 02:33 AM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,831
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
No worries I'll read again tomorrow. I'm going to bed as well.
 
Old 03-23-2015, 02:36 AM   #5
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
No problem, and thanks for taking your time to help. Sleep well.
 
Old 03-23-2015, 03:30 PM   #6
propofol
Member
 
Registered: Nov 2007
Location: Seattle
Distribution: Debian Wheezy & Jessie; Ubuntu
Posts: 331

Rep: Reputation: 59
I cannot help you with encrypted lvm much - I just used the default options to install my encrypted Debian system but I do think you are missing something with the chroot:

Code:
mount -o bind /dev     /target/dev
mount -o bind /dev/pts /target/dev/pts
mount -o bind /proc    /target/proc
mount -o bind /sys     /target/sys

chroot /target /bin/bash
...install syslinux ...
exit

unmount /target/sys
umount  /target/proc
umount  /target/dev/pts
umount  /target/dev
I assume you have installed the system with 'debootstrap wheezy /target http://http.debian.net/debian/'

Regards,
Stefan

Last edited by propofol; 03-23-2015 at 03:37 PM.
 
Old 03-23-2015, 04:39 PM   #7
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Quote:
Originally Posted by Amarildo View Post

Code:
# syslinux -i -U

Code:
#syslinux --install --update

Code:
# syslinux --install --update -i -a -m
Have a look at the error messages (or better, the usage message) again. It tells you to run the syslinux command, followed by optional options and a device name. I can't see a device name in your commands.
 
Old 03-24-2015, 10:51 AM   #8
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by propofol View Post
I cannot help you with encrypted lvm much - I just used the default options to install my encrypted Debian system but I do think you are missing something with the chroot:

Code:
mount -o bind /dev     /target/dev
mount -o bind /dev/pts /target/dev/pts
mount -o bind /proc    /target/proc
mount -o bind /sys     /target/sys

chroot /target /bin/bash
...install syslinux ...
exit

unmount /target/sys
umount  /target/proc
umount  /target/dev/pts
umount  /target/dev
I assume you have installed the system with 'debootstrap wheezy /target http://http.debian.net/debian/'

Regards,
Stefan
I don't know why, but I never needed to mount /dev/, /dev/pts, /proc and /sys. This is really weird.
Also, I tried using these commands after looking at Debian's chroot page, and I get the same errors as before.
And I don't use Wheezy, I use a mix of Jessie and Sid So I use the netinstall CD.

Quote:
Originally Posted by TobiSGD View Post
Have a look at the error messages (or better, the usage message) again. It tells you to run the syslinux command, followed by optional options and a device name. I can't see a device name in your commands.
I have tried every possible command, even "syslinux --install --update /dev/sda" and literaly nothing works. I'm starting to assume this is a netinst cd problem and I'm downloading another Jessie's CD.
 
Old 03-24-2015, 05:19 PM   #9
Amarildo
Member
 
Registered: Jun 2014
Posts: 176

Original Poster
Rep: Reputation: Disabled
As I couldn't remember how to set this up and I couldn't find an answer, I had to make it work with a workaround.
First I had to manually create the partitions and volumes the way I described above, this way I know they have exactly 60, 8, and 862 GB (because for whatever reason the debian installer doesn't take 1024 MB as 1 GiB). Then, procceeding to the "Partition disks" part, I went into "Configure Encrypted volumes" menu, this way I could see "in debian terms" how big those partitions are. After writing those numbers down, I deleted all partitions and started over again, this time using Debian's installer for partitioning. Here's how it goes.

Partition disks
- Create MBR on the target drve
- Create 1 GiB ("1073 MB" for Debian instlaler) at the beginning of the disk, set it up with ext4 and mounted as /boot
- Create the last partition with the rest of the drive space, and select "Do not use partition"

Configure Encrypted volumes
- Select YES to write current changes
- Select [x] /dev/sda2
- Edit crypt settings
- Select "Done setting up partition"
- Enter partition passphrase
- Select menu "Configure encrypted volumes"
- Select YES to write current changes
- Select "Create volume group"
- Name it whatever you want
- Select[*] /dev/mapper/sda2_crypt
- Create logical volumes you want (I create one for /, one for /swap, and another for /home.
- Finish
- Select YES to write current changes

Now you'll see something like this:

LVM VG debian, LV home - 1.0TB Linux device mapper (linear)
#1 1.0 TB

Select the "#1 1.0 TB" option and customize it the way you want. In this case I use it as ext4 and mount point as /home. You get the pcture.

After setting all volumes up, procceed with normal installation.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Back to Windows penguinpages General 9 09-02-2007 01:34 PM
will never go back to windows ceebezee LinuxQuestions.org Member Intro 6 05-19-2007 09:06 AM
AH!! I need windows back :( Talon107 Linux - Newbie 21 08-04-2004 05:37 PM
i need windows back seanz6688 General 37 03-01-2004 05:08 PM
Back to Windows Baz Linux - Newbie 13 02-17-2004 03:49 PM


All times are GMT -5. The time now is 12:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration