On 05/22/2018 12:58 PM, Michael Ranft - m@xxxxxxxxxxxxxxxx wrote: > On Dienstag, 22. Mai 2018 00:50:39 CEST Diagon wrote: >> So I'm doing something that I've done many times with Ubuntu. That is, >> preparing my disks in the live system (usually /boot on a USB stick and >> / on luks, no partition table on that second drive), then running the >> install, and finally pivoting in to fix crypttab and update the initramfs. >> >> After many tries with the debian installer, I've almost been able to get >> this to work, though it does need some tending to to get there. The >> problem comes after I've pivoted in. I install cryptsetup, as I find >> that it's not there, and then correct crypttab/initramfs. Oddly, I find >> the initramfs does not include cryptsetup. Hmmm. >> >> I'm getting crickets on the Debian user list, but I figure someone here >> must have done something like this. Any hope I might find help? >> >> /D > > > I did a similar thing with ascii 2 weeks ago (and wheezy years ago, ) because > I wanted different cryptsetup parameters than the installer offered: plain-dm > (no LUKS), hash sha512 and size 512. > So I started the installer and did every step of it, including the > partitioning of crypted devices and choosing the modules for encryption etc > before. > I stopped right before "install base-system". I opened a shell and copied > _all_ installed files and dirs of the new system (under /target: crypttab > etc). to secure them, then I destroyed the partitions with the unwanted > cryptsetup parameters and recreated them with the new params, modified > crypttab as desired. > Then I proceeded with "install base system" and the following steps as usual. > A minor difference: I used plain-dm-crypt and an underlying software raid > (mdadm etc). System runs fine and performance is more than acceptable (x220/i5 > with 850 pro/840evo). > HTH > Michael Michael - I found the solution, which works on both Debian and Devuan. I was given some kind help by someone on the Debian user's list, which I am copying here: ------------ In the file “/etc/cryptsetup-initramfs/conf-hook”, there is a line “CRYPTSETUP” which is commented and/or has the default value “n”. If this is the case, replace the line with “CRYPTSETUP=y”. So, the next use of the command “update-initramfs” should solve your problem if I understood it correctly. I think “CRYPTSETUP=y” is automatically set if you create an encrypted partition by following the installer’s instructions, but not when you do it outside these instructions. ---------- So, to explain my process for anyone who comes this way ... (1) Create encrypted containers as needed using a live system. Make sure to create the filesystem you want in the containers (2) Start the installer and run through "Load Installer Components". Make sure you have loaded crypto-dm-modules (3) Continue the installation through "Detect Hard Drives" (4) Drop to the shell and run 'anna-install cryptsetup-udeb'. Then open your encrypted containers. (5) Return and run "Detect Hard Drives" again. (6) Continue to the partitioner. You will see your /dev/mapper device(s) listed. Note that if there is no filesystem in the device, when you select it, the partitioner will want to create a partition in there. (7) Now you can do the rest of the install, though the installer will not recognize that cryptsetup has to be included. While I exited the install and then pivoted in to 'apt-get install cryptsetup', fix the crypttab/fstab and /etc/cryptsetup-initramfs/conf-hook, after which I update-initramfs and update-grub, someone else may want to see if it is possible to finish the process through the installer. You may be able to do it like this: (8) After "Select and Install Software", drop to a shell and 'apt-install cryptsetup'. Then edit cryptab/fstab and fix /etc/cryptsetup-initramfs/conf-hook as describe above. (9) Exit the shell and return to finish the install. My guess is it may work. /D _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
