Re: Encrypted containers & the Debian installer. - Works now.

To: debian-user@lists.debian.org
Cc: 21naown@gmail.com
Subject: Re: Encrypted containers & the Debian installer. - Works now.
From: Diagonal Arg <debian.org@niwas.net>
Date: Wed, 23 May 2018 00:56:18 -0700
Message-id: <[🔎] 52400698-eafc-547d-f459-ea3278acff93@niwas.net>
In-reply-to: <[🔎] ef98920f-b024-8cf4-162e-d33d394bb255@niwas.net>
References: <[🔎] 163678d6627.e1d3218e8796.5021193021553864846@niwas.net> <[🔎] 00829a5b-2345-cdc0-34e8-ecb2f8f1d82a@gmail.com> <[🔎] ef98920f-b024-8cf4-162e-d33d394bb255@niwas.net>

On 05/23/2018 12:36 AM, Diagonal Arg wrote:
> On 05/22/2018 05:06 AM, 21naown@gmail.com wrote:
>> Le 16/05/2018 à 08:05, Diagonal Arg a écrit :
>>> On my first tries with the Debian installer, I am struggling with the
>>> limited resources for installing to encrypted disks.  I am using the
>>> same technique I have used with Ubuntu, but failing at the last step:
>>>
>>> I create my luks disk(s) before-hand, then run the installer.  I find
>>> I have to anna-install cryptsetup-udeb, as there is no such choice in
>>> "Load Installer Modules".  Dropping to a shell, opening the disk, and 
>>> re-detecting hard drives allows me to carry out the installation (as
>>> long as there's a filesystem in the mapped device), but on reboot I'm
>>> at an initramfs without cryptsetup.  So I use a debian-live to pivot
>>> into the system to create a crypttab.  I find I also have to install
>>> cryptsetup.  Then I run update-initramfs.  Here is where I'm stuck. 
>>> The new initramfs still does not include cryptsetup.  Why is it not
>>> recognizing the crypttab?
>>>
>>> I have tried other approaches eg, during installation doing adding an
>>> apt-install cryptsetup (after "Select and Install Software") and then
>>> editing crypttab, but to no avail.
>>>
>>> /D
>>>
>>> PS.  I pivot like this, in case I'm missing something:
>>>
>>> mount root & boot devices in /target
>>> for f in dev dev/pts sys proc; do sudo mount -B /$f /target/$f; done
>>> chroot /target
>>>
>> Hello,
>>
>> In the file “/etc/cryptsetup-initramfs/conf-hook”, there is a line
>> “CRYPTSETUP” which is commented and/or has the default value “n”. If
>> this is the case, replace the line with “CRYPTSETUP=y”. So, the next use
>> of the command “update-initramfs” should solve your problem if I
>> understood it correctly.
>>
>> [...]
> 
> Thank you!  Cryptsetup is now in my initramfs.  I am close, but there
> still remains one issue.  When updating the initramfs, I get:
> 
> cryptsetup: WARNING: root target luks.root uses a key file, skipped
> 
> But it doesn't use a key file.  My cryptsetup is:
> luks.root	UUID=xxx	pwd	luks
> 
> And my fstab contains:
> /dev/mapper/luks.root	/	btrfs	defaults	0	0
> 
> When I boot the system, I drop into initramfs.  There, I can open the
> root disk myself and continue the boot process.
> 
> /D

Oops!  It's not "pwd" in the crypttab, it's "none"!

Works now.  Yay, yay!!  :)

Thanks so much.

/D

Reply to:

References:
- Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>
- Re: Encrypted containers & the Debian installer.
  - From: 21naown@gmail.com
- Re: Encrypted containers & the Debian installer.
  - From: Diagonal Arg <debian.org@niwas.net>

Prev by Date: Re: Encrypted containers & the Debian installer.
Next by Date: Re: making more room in root partition for distribution upgrade
Previous by thread: Re: Encrypted containers & the Debian installer.
Next by thread: lightdm (testing): Long waiting time after login
Index(es):
- Date
- Thread