
Re: persistence encryption: initramfs is missing cryptsetup



Hello!

I have the same goal so I will monitor that conversation. Fully
encrypted live system! YES!

So: Yes. It is possible. But it's advanced level of linuxing. That I
have not reached...so far.

1. It's possible if you first make an image that has everything you want
working except cryptsetup included in initramfs.
2. Then basically you need to take that ISO (or whatever kind of) image
unpack it. And find your initramfs image file.
3. Unpack initramfs image. Check what is inside.

DIFFICULT PART IS COMING:
4a. Build your own initramfs image identical to one you have with
cryptsetup support. Maybe you can base your config by looking at the
files inside initramfs image.
This is basically difficult because you don't know anything and it's
hard in general to make image that will make your live system boot.
OR
4b. Hack existing initramfs from your image by adding cryptsetup
binaries....SsSssomehow?! (good version,arch,etc,maybe also configs).
This might be easier but I am not sure if it's possible.

5. Repack initramfs image and then put everything back together and
rebuild your ISO image.
6. Hope it will work.
7. BAM! READY!

This is only my imaginary theory. Now all you need is to check how to do
that for real. I am quite sure you can do that the way I described.

Because I tried to do that to achieve something else but I dropped that
at some point. I don't remember why.
Then you write nice hook script so all the universe can use it later
(including me). Or we can cooperate somehow and make it good together
as a collective.
(this option I prefer because it's less work for me and for you and for
the universe).

Maybe there are other ways for sure. Maybe simply including some
cryptsetup package in ./config/include.initramfs but who knows...
If it's implemented? If then in which version? Is it working then? Why
was it supported before in some early versions of live-build (2.x
something if I remember correctly) and now it's gone?
I am so much confused by all the bugs in live-project and most of the
stuff is 2-3 years old so bleee.. Simply annoying.
Yes I am angry. But I am looking for solutions because I want my own
debian full encrypted distro. And I will make it happen!

P.S.
1. Sorry for making you sleep by reading all of that.
2. I have limited electricity and internet access so I might respond
with some small delay but yeah let's have (full) --encryption support.

On 12.06.2015 at 23:27, Jan Kowalsky wrote:
>
> On 11.06.2015 at 16:12, chals wrote:
>> On Thu, Jun 11, 2015 at 11:58 AM, Jan Kowalsky
>> <jankow@datenkollektiv.net> wrote:
>>> Hi all,
>>>
>>> I try to build a live system with luks encrypted persistence. It fails,
>>> because inside the initramfs the cryptsetup binaries don't exist. In the
>>> past - from wheezy I was able to build an encrypted system as long as I
>>> took the live-boot-initramfs-tools from jessie.
>>>
>>> Is it possible to include some packages inside the initramfs? Where
>>> would be the place to configure?
>>>
>> This section of live-manual might be of some help -->
>> http://live.debian.net/manual/current/html/live-manual.en.html#590
>>
> Thanks for the hint. I was looking at the stable manual which still
> seems to refer to wheezy and doesn't face crypted persistence. But
> anyway, that's exactly, what I've done. And in this way I did it in the
> past with success.
>
> The problem is: the cryptsetup binary exists in the chroot - but not in
> the initramdisk.
>
> Any further idea? Anybody of you was able to build an image with crypted
> persistence with the live helpers in wheezy?
>
> Is there any way to specify which additional packages should reach the
> initramfs?
>
> Best Regards
> Jan
>
>
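
Added example, not part of the original messages and not live-build code: a check for steps 3 and 6 above that reads an initramfs file listing and reports which pieces needed to open a LUKS volume are absent, the symptom described in the quoted message. The function name, the list of required pieces and the sample listings are assumptions made for illustration; a kernel with dm-crypt built in would not ship the module file.

```sh
#!/bin/sh
# Reads an initramfs file listing (one path per line) on stdin and prints
# the labels of the LUKS-related pieces that are NOT present.
# Assumed requirement set: cryptsetup binary, libcryptsetup, dm-crypt module.
missing_luks_parts() {
    listing=$(cat)
    missing=""
    # label:pattern pairs; patterns accept /usr-merged paths, versioned
    # library names and compressed kernel modules.
    for check in \
        'cryptsetup-binary:(^|/)s?bin/cryptsetup$' \
        'libcryptsetup:(^|/)libcryptsetup\.so(\.[0-9]+)*$' \
        'dm-crypt-module:(^|/)dm[-_]crypt\.ko(\.(gz|xz|zst))?$'
    do
        label=${check%%:*}
        pattern=${check#*:}
        if ! printf '%s\n' "$listing" | grep -Eq "$pattern"; then
            missing="${missing:+$missing }$label"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample listings (KVER is a placeholder, not a real version).
# First: the failing case, where cryptsetup never reached the initramfs.
SAMPLE_WITHOUT='bin/busybox
sbin/blkid
sbin/dmsetup
lib/modules/KVER/kernel/drivers/md/dm-mod.ko'

# Second: the state the repacked image should be in.
SAMPLE_WITH='bin/busybox
sbin/cryptsetup
lib/cryptsetup/askpass
lib/x86_64-linux-gnu/libcryptsetup.so.4
lib/modules/KVER/kernel/drivers/md/dm-mod.ko
lib/modules/KVER/kernel/drivers/md/dm-crypt.ko'

# Usage on a real image (path is a placeholder):
#   lsinitramfs /path/to/initrd.img | missing_luks_parts
```

An empty result means all three pieces are in the listing; it does not prove that the boot scripts actually call cryptsetup.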

