Bug#694722: eMachines eM355, encrypted & boots off pendrive, preseeding fails
Package: installation-reports
Boot method: USB pendrive with debian-wheezy-DI-b4-amd64-netinst.iso
Image version: http://cdimage.debian.org/cdimage/wheezy_di_beta4/amd64/iso-cd/debian-wheezy-DI-b4-amd64
Date: Thu 2012-Nov-29 14:53:32 CET
Machine: eMachines eM355
Processor: Intel Atom N570 CPU @ 1.66GHz
Memory: 1G
Partitions:
Filesystem Type 1K-blocks Used Available Use% Mounted on
rootfs rootfs 15622144 1450684 12193636 11% /
udev devtmpfs 10240 0 10240 0% /dev
tmpfs tmpfs 101600 340 101260 1% /run
/dev/mapper/sda1_crypt btrfs 15622144 1450684 12193636 11% /
tmpfs tmpfs 5120 0 5120 0% /run/lock
tmpfs tmpfs 203180 0 203180 0% /run/shm
/dev/mapper/sda2_crypt btrfs 228571136 152 226445248 1% /usr/local
Output of lspci -knn (or lspci -nn):
00:00.0 Host bridge [0600]: Intel Corporation Atom Processor D4xx/D5xx/N4xx/N5xx DMI Bridge [8086:a010] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: agpgart-intel
00:02.0 VGA compatible controller [0300]: Intel Corporation Atom Processor D4xx/D5xx/N4xx/N5xx Integrated Graphics Controller [8086:a011] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: i915
00:02.1 Display controller [0380]: Intel Corporation Atom Processor D4xx/D5xx/N4xx/N5xx Integrated Graphics Controller [8086:a012] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
00:1b.0 Audio device [0403]: Intel Corporation N10/ICH 7 Family High Definition Audio Controller [8086:27d8] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: snd_hda_intel
00:1c.0 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 1 [8086:27d0] (rev 02)
Kernel driver in use: pcieport
00:1c.1 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 2 [8086:27d2] (rev 02)
Kernel driver in use: pcieport
00:1d.0 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #1 [8086:27c8] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: uhci_hcd
00:1d.1 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #2 [8086:27c9] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: uhci_hcd
00:1d.2 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #3 [8086:27ca] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: uhci_hcd
00:1d.3 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #4 [8086:27cb] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: uhci_hcd
00:1d.7 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB2 EHCI Controller [8086:27cc] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: ehci_hcd
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 Mobile PCI Bridge [8086:2448] (rev e2)
00:1f.0 ISA bridge [0601]: Intel Corporation NM10 Family LPC Controller [8086:27bc] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
00:1f.2 SATA controller [0106]: Intel Corporation N10/ICH7 Family SATA Controller [AHCI mode] [8086:27c1] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: ahci
00:1f.3 SMBus [0c05]: Intel Corporation N10/ICH 7 Family SMBus Controller [8086:27da] (rev 02)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: i801_smbus
01:00.0 Ethernet controller [0200]: Atheros Communications Inc. AR8152 v2.0 Fast Ethernet [1969:2062] (rev c1)
Subsystem: Acer Incorporated [ALI] Device [1025:0349]
Kernel driver in use: atl1c
02:00.0 Network controller [0280]: Atheros Communications Inc. AR9285 Wireless Network Adapter (PCI-Express) [168c:002b] (rev 01)
Subsystem: Lite-On Communications Inc Device [11ad:6631]
Kernel driver in use: ath9k
Comments:
I intend to have a completely encrypted harddisk and boot off a separate
pendrive. apt-cacher on the local network is used to limit network
load, and I wanted (but failed) to use preseeding.
$ curl -OL 'http://ftp.nl.debian.org/debian/dists/testing/main/installer-amd64/current/images/hd-media/boot.img.gz'
$ curl -OL 'http://cdimage.debian.org/cdimage/wheezy_di_beta4/amd64/iso-cd/debian-wheezy-DI-b4-amd64-netinst.iso'
Again, I'm having trouble verifying authenticity of these files. There
is no such thing as a signature file for `boot.img.gz`. But even for
the second file, verification does not complete:
$ curl -OL 'http://cdimage.debian.org/cdimage/wheezy_di_beta4/amd64/iso-cd/SHA512SUMS'
$ curl -OL 'http://cdimage.debian.org/cdimage/wheezy_di_beta4/amd64/iso-cd/SHA512SUMS.sign'
$ sha512sum -c SHA512SUMS 2>&1 | grep debian-wheezy-DI-b4-amd64-netinst.iso
debian-wheezy-DI-b4-amd64-netinst.iso: OK
$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Wed 21 Nov 2012 11:33:38 PM CET using RSA key ID 6294BE9B
gpg: Can't check signature: public key not found
Failed. Althought I have the debian-keyring installed, and added to my
`~/.gnupg/gpg.conf`. Started reading about keys, and how to get them.
No idea what I'm doing here. Came up with that:
$ gpg --recv-keys 6294BE9B
gpg: keyring `/home/sk/.gnupg/secring.gpg' created
gpg: requesting key 6294BE9B from hkp server keys.gnupg.net
gpg: /home/sk/.gnupg/trustdb.gpg: trustdb created
gpg: key 6294BE9B: public key "Debian CD signing key <debian-cd@lists.debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Wed 21 Nov 2012 11:33:38 PM CET using RSA key ID 6294BE9B
gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
So it fails a little bit less now. Why is the key not certified? Is
this a problem? How to be sure that I got what I want?
Well, proceed with installation. First try: Plugged pendrive into
another machine, and proceedas follows:
$ gunzip <boot.img.gz >/dev/sdb
$ mount /dev/sdb /media/sdb
$ cp debian-wheezy-DI-b4-amd64-netinst.iso /media/sdb
$ umount /media/sdb
Plugged into target machine, switched on. Machine hangs, no boot menu
visible, just a cursor blinking in the top left corner.
$ dd if=/dev/zero of=/dev/sdb # clean device, cfdisk /dev/sdb failed
$ cfdisk /dev/sdb # create a /dev/sdb1 partition
$ gunzip <boot.img.gz >/dev/sdb1
$ mount /dev/sdb1 /media/sdb1
$ cp debian-wheezy-DI-b4-amd64-netinst.iso /media/sdb1
Plugged into target machine, switched on. This time GRUB bails out,
saying "error: no such device: 85163fd4-b4w2-43a1-9501-1df805be52ce".
The rescue mode leaves me pretty clueless. So I decide to just put the
installer image on the pendrive:
$ dd if=debian-wheezy-DI-b4-amd64-netinst.iso of=/dev/sdb
I would really love to be able to skip creation of a non-root user. I
have to delete the account anyway, because I change adduser.conf, and
some groups. Also, if I just replace the OS, but leave all other data
intact, I need to match existing UIDs when creating users.
I have undertaken various attempts to add my `preseed.cfg` to a
remastered ISO image, following these [1,2] and other instructions. The
best I could get was aforementioned GRUB error, maybe the UUID changed.
So I give up preseeding. I really like the option to just `dd` an ISO
image on a pendrive, and install from that. But obviously it's
difficult to hand preseeding data to the installer. Maybe it would make
sense to allow mounting and accessing an additional device (e.g.,
another USB pendrive, or another partition on the same pendrive as used
for installation) via boot parameters, and scan it for preseeding
information? Something like
auto url=(hd0,1)/path/to/mypreseed.file
or similar would be cool. Then one would not have to unpack an ISO
image, get the right initrd.gz, unpack it as well, add the preseed info
in the (hopefully) right place, and then repackage everything, getting
the bootable ISO-image right, and so on...
Thanks for the great work you guys do on the installer, I hope my
suggestions can help a little in making it even better. Any comments on
my approach are welcome, of course!
Yours,
Stefan
____________________
[1] http://wiki.debian.org/DebianInstaller/Preseed/EditIso
[2] http://www.debian.org/releases/stable/i386/apb.html
--
Stefan Klinger o/klettern
/\/ bis zum
send plaintext only - max size 32kB - no spam \ Abfallen
http://stefan-klinger.de
Reply to: