Welcome
Welcome to refracta

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Snapshot on usb with encrypted /home

Tips and Instructional topics. Not for support questions.

Re: Snapshot on usb with encrypted /home

Postby fsmithred » Tue Feb 19, 2013 8:43 pm

You don't have to actually install the experimental package into the build. For existing images It works to unpack the initrd used to boot from, replace /lib/live/* with the new stuff (unpack the deb or find the source package), then recompress and use the new initrd in your live-media's "/live" directory, be it cd or usb.


If the newer packages are not installed, won't that fix will get lost when someone installs and makes their own snapshot?
User avatar
fsmithred
 
Posts: 2081
Joined: Wed Mar 09, 2011 9:13 pm

Re: Snapshot on usb with encrypted /home

Postby dzz » Tue Feb 19, 2013 9:32 pm

If the newer packages are not installed, won't that fix will get lost when someone installs and makes their own snapshot?


It probably will be lost without manual intervention. I just meant, you can do it like that now with an image you got already, at first to test it, then if it works (this one seems to) actually have the benefit of using it immediately. It takes under 5 minutes to copy and mod an initrd (the one that sits outside the squashfs, i.e. the one you boot with) If something goes wrong you still got the original.

If you're thinking of installing it, the nature of "experimental" goes without saying. If you do make sure update-initramfs has run after (it might or not be automatic).

This stuff will all settle out in time.
dzz
 
Posts: 647
Joined: Wed Apr 27, 2011 11:53 am
Location: Devon, England

Re: Snapshot on usb with encrypted /home

Postby fsmithred » Wed Feb 20, 2013 4:18 am

I can confirm that encrypted persistence works in 4.0~a7. I'm not thinking of installing live-* packages from experimental. They should at least move down to sid first. And I'm pretty happy with your hack to make it work in wheezy. The deb package is about half ready. (refracta2usb, or maybe snapshot2usb-lite, mkusbcrypt, lukshome, hookscript, and the appropriate entry in live.cfg)
User avatar
fsmithred
 
Posts: 2081
Joined: Wed Mar 09, 2011 9:13 pm

Re: Snapshot on usb with encrypted /home

Postby dzz » Sat Feb 23, 2013 5:22 pm

4.0~a7 confirmed working also for a persistence "loopback" file in a LUKS/ext2 partition (filesystem label doesn't matter but filename must be "persistence" and include persistence.conf).

As you probably know if " debug" is added to cmdline you should get full logs in var/log/live/ This causes boot failure here when used with luks. I reported this as a bug but so far nobody seems to have taken much notice.

Can anyone here confirm that?

What doesn't work (and probably won't any time soon) is an actual LUKS persistence loopback file in a normal partition. It does using (maybe slighly modified) the hook script

That is something I find very useful.. I even got it working on a single-FAT partition device. Our hook script isn't redundant yet.
dzz
 
Posts: 647
Joined: Wed Apr 27, 2011 11:53 am
Location: Devon, England

Re: Snapshot on usb with encrypted /home

Postby fsmithred » Sun Feb 24, 2013 1:22 pm

I can confirm that debug causes failure to boot. I'm using the usb stick that I used above. Sid image, 4.0~a7, encrypted second partition, and modified initrd. It sees the usb stick as sda (correct- no internal hard drive), last few lines:

FAT-fs (sda1): UTF-8 is not...
aufs: module is from the staging directory, the quality is unknown, you have been warned
loop: module loaded
squashfs: version 4.0...
User avatar
fsmithred
 
Posts: 2081
Joined: Wed Mar 09, 2011 9:13 pm

Re: Snapshot on usb with encrypted /home

Postby dzz » Mon Mar 11, 2013 1:31 am

The debug actually does work. The key prompt doesnt show but if you wait a few seconds when it appears to freeze, then type in the passphrase, it will boot.

There is now a patch to get a LUKS persistence file in a non-LUKS partition working.
dzz
 
Posts: 647
Joined: Wed Apr 27, 2011 11:53 am
Location: Devon, England

Previous

Return to How-to

Who is online

Users browsing this forum: No registered users and 0 guests

cron
suspicion-preferred