You are not logged in.
Pages: 1
I made an incorrect assumption that the host's /boot was on a cryptdevice, which lead us down the wrong path. Sorry about that. I should have initially asked for the contents of the configuration files you supplied.
The install is not Full Disk Encryption (FDE). Only one partition is encrypted. The disk has an extended partition which indicates that it uses DOS partitioning scheme.
/dev/sda is the boot disk.
/dev/sda1 is the unencrypted /boot partition.
/dev/sda2 is the extended partition. Required on DOS partitioned disk in order to have more than four (4) partitions.
/dev/sda5 is the OS partition with swap on LVM on luks encryption.
In this case the OS partition contains swap and the root (/) tree excluding /boot, all on top of LVM. Which in turn is on top of luks encryption.
The Debian Installation (di) uses that method as the default installation method using encrypted storage. It is arguably not the best method but it makes things easy for beginners.
GRUB requires access to /boot, in this case /boot is not on an encrypted device, therefore, the cryptdevice definition on the /etc/defautl/grub GRUB_CMDLINE_LINUX="cryptdevice=<crypto device>:<mapper name>" line entry should not be there. Additionally, the initramfs option is not needed in /etc/crypttab, though it does not hurt.
Change the grub and crypttab files.
/etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX=""
GRUB_ENABLE_CRYPTODISK=y
/etc/crypttab
sda5_crypt UUID=<UUID> none luks,initramfs
Run:
update-initramfs -u -k all to update the /boot/initrd.img.xxxxx images.
and
update-grub to update /boot/grub/grub.cfg.
After, reboot and test boot up with the 4.19.x and then the 5.8.x kernels. The results should be the same as before: boot okay with 4.19.x kernel and
password error with 5.8.x kernel.
cryptsetup: ERROR: sda5_crypt: cryptsetup failed, bad password or options?
In this case the problem is just that: bad password or options.
Bad password: this can be either user error or keyboard configuration miss-match during boot.
An easy test is to boot up using the 4.19.x kernel and add a key to the luks on /dev/sda5. luks can have up to eigth (8) keys.
Reference: man cryptsetup
To add a key enter the following command after full boot up with the 4.19.x kernel
cryptesetup luksAddKey /dev/sda5 use "1234" ad the key. This is for testing, you can change it later.
Reference: man cryptsetup
Reboot using the 5.8.x kernel and try the 1234 password. If this works the it a keyboard configuration issue.
Let me know the results.
For clarification
/dev/sda - first disk
/dev/sdb - second disk
/dev/sda1 - first partition on first disk
/dev/sdb2 - second partition on second disk
/dev/sdc5 - fifth partition on third disk
The configuration of /etc/crypttab does not seem correct. It has two entries for mapper device sda1_crypt, there should only be one per device. Second the initramfs option is missing from each entry. You can ignore the discard option it is not relevant for boot up. Look at the man page for crypttab for details: man crypttab. The initramfs option is needed to unlock and process the device during boot up: see the man page for details.
E.g., sda1_crypt UUID=xxx none luks,initramfs
Adding the initramfs option to /etc/crypttab entries, requires running update-initramfs for the device to be added to the /boot/initrd.img-x.x.x.x.x which is used during boot.
The /etc/crypttab also shows that there are more than one cryptdevices. The cryptdevcie entry in /etc/default/grub with the UUID must be the UUID of the device that contains /boot. The /boot may be on its own partition. I'm guessing /boot on sda1_crypt and the root (/) is on sda5_crypt. If I'm right the cryptdevice for GRUB is the UUID of sda1_crypt.
In order to eliminate the guess-working can you please provide the output information form the following commands, you can remove sensitive information such as exact UUID, etc.
cat /etc/default/grub
cat /etc/fstab
cat /etc/crypttab
lsblk -f -o +size
fdisk -l
Since you cannot boot into the system you can use the Devuan live-CD/DVD/USB or mount the disk in another system to get the information.
Advice: before running any command you are give by others, always look at the command's man page and check the options to see what should happen.
You are welcome.
There seems to be two entries missing from /etc/default/grub:
GRUB_ENABLE_CRYPTODISK=y
GRUB_CMDLINE_LINUX="cryptdevice=<crypto device>:<mapper name>"
GRUB_ENABLE_CRYPTODISK=y
Reference: info grub
"If set to 'y', 'grub-mkconfig' and 'grub-install' will check for encrypted disks and generate additional commands needed to access
them during boot. Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container."
and
GRUB_CMDLINE_LINUX="cryptdevice=<crypto device>:<mapper name>"
E.g.,
GRUB_CMDLINE_LINUX="cryptdevice=UUID=f1ad0cb32e8c-e494-43ab-a574-b9f1ba0e-43ab-a574:sda1_crypt"
You may not need this line if there is only one cryptdevice. However, the addition of one or more cryptdevices may cause GRUB to try to unlock the incorrect cryptdevice. I recommend adding it anyway to be explicit and to avoid "head scratching" later if you add one or more cryptdevices.
Suggest removing "quiet" form the Linux command line so that you can see what is going on during the boot process. This may give some additional clues as to what is happening or not happening.
/etc/default/grub:
-- GRUB_CMDLINE_LINUX_DEFAULT="quiet"
++ GRUB_CMDLINE_LINUX_DEFAULT=""
So your /etc/default/grub file will look similar to this:
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="cryptdevice=UUID=f1ad0cb32e8c-e494-43ab-a574-b9f1ba0e-43ab-a574:sda5_crypt"
GRUB_ENABLE_CRYPTODISK=y
The blkid command can be used get the UUID: blkid /dev/sda5
I've seen claims that GRUB has added luks2 support and that a patch has been available since January, however, I can not verify this. According to GNU GRUB Bugs #55093 support for luk2 is expected to appear in release 2.06. Reference: https://savannah.gnu.org/bugs/?55093. If it works great! I'm using the same version of GRUB as you are, so I'll try it myself.
One more thing. This shows that partition sda5 is being used for the entire OS. What are sda1-4 being used for? Is sda using DOS or GPT disk partitioning? GRUB requires a "BIOS boot" partition on GPT while it does not on DOS type disks.
─sda5
└─sda5_crypt
├─user--vg-root
├─user--vg-var
├─user--vg-swap_1
├─user--vg-tmp
└─user--vg-home
Suggestion: put swap in it own partition or drive. This has many advantages such as excluding swap form backup jobs, more flexibility regarding swap manipulation, and more. If hibernation is not a requirement then a swap partition or drive can be encrypted with a random encryption key. Just add the appropriate line to the /etc/crypttab and /etc/fstab files, the partition or drive must not contain a filesystem.
E.g./etc/fstab entry
# Swap filesystem luks2 random, was on /dev/sda3
/dev/mapper/luks2-swap none swap sw 0 0
E.g. /etc/crypttab entry
# Random key encrypted partition
luks2-swap /dev/sda3 /dev/urandom cipher=aes-xts-plain64,size=256,swap,discard
Out of curiosity, what is the justification of the seemingly wide-spread obsession with reducing boot time below its current average levels. Which in my experience with Devuan is a few minutes using multiple fully encrypted disks/drives and partitions, and KDE desktop. If I use a vanilla install I don't even notice the boot-time.
If one wants to reduce boot time below the current levels, a few seconds to a few minutes, just-because, then I can understand that. What I don't understand is the portrayed practical need to do so.
The only thing I can think of is for enterprise deployment, in which case having redundant servers and server clusters with distributed storage is the logical way to go.
Form the information you provided, the only thing that is different is installation of a new kernel, there maybe something missing from the initrd.img.x.x.x.x generated for that specific kernel.
The related initrd.img.x.x.x.x is automatically generated and updated for a new kernel, when the kernel is installed, and is configured based on the relevant configuration files: GRUB and initramfs configuration files. If these configuration files have been modified then the boot process will be affected. The update can be done manually with update-grub and/or update-initramfs, (update-grub normally calls update-initramfs).
The initrd.img.x.x.x.x files for each installed kernel are located under /boot/, which must be accessible to GRUB at boot, i.e., if GRUB can not access /boot then the system will not boot. The filesystem hosting /boot must be available and readable by GRUB at boot.
E.g.,
ls -1 /boot/
config-5.5.0-0.bpo.2-amd64
config-5.7.0-0.bpo.2-amd64
config-5.8.0-1-amd64
efi
grub
initrd.img-5.5.0-0.bpo.2-amd64
initrd.img-5.7.0-0.bpo.2-amd64
initrd.img-5.8.0-1-amd64
System.map-5.5.0-0.bpo.2-amd64
System.map-5.7.0-0.bpo.2-amd64
System.map-5.8.0-1-amd64
vmlinuz-5.5.0-0.bpo.2-amd64
vmlinuz-5.7.0-0.bpo.2-amd64
vmlinuz-5.8.0-1-amd64
The files under /boot/grub/ are automatically generated and modified every time update-grub is run, and their manual modification is not recommended.
To modify GRUB modify either /etc/default/grub and/or the files under /etc/grub.d/ and then run update-grub, which will generate/modify the files under /boot/grub
Similarly with initramfs, after modifying file under /etc/initramfs-tools/, run update-initramfs to make the changes take effect.
I suggest doing the following, running all commands as the root user:
1. Run
update-grub
2. Reboot and check the outcome. Note all messages and address any errors, warnings, etc.
If the above does not work...
1. Run
update-initramfs -u -k all
-u: update initrd.img.x.x.x.x
-k all: update all initrd.img.x.x.x.x
2. Reboot and check the outcome. Note all messages and address any errors, warnings, etc.
If it still does not work...
1 Edit the default grub file comparing it with a know-good file.
nano /etc/default/grub
2. Reboot and check the outcome. Note all messages and address any errors, warnings, etc.
If it still does not work...
Check the files under /etc/initramfs-tools/
2. Reboot and check the outcome. Note all messages and address any errors, warnings, etc.
If it still does not work post the content of the /etc/default/grub and /etc/initramfs-tools/ here and state exactly what you did and the results as well as a relevant log entries.
Note: currently the are two versions of luks for cryptsetup: luks1 and luks2. The current stable version of GRUB does not have full support for luks2, therefore, it will not decrypt luks2.
FYI: I have been using ZFS on luks1 to boot, which requires the installation of the related kernel header files to generate the needed ZFS modules for incorporation into the related initrd.img.x.x.x.x.
Host build suggestion: you can modulize your host's OS and data to minimize data loss and ease repairs, backup, restores, etc., by using separate partitions or drives/disks.
Example 1.
/dev/sda
sda1 # boot filesystem: only used to boot the host
sda2 # root filesystem: only used to run the host
sda3 # users' home filesystem; only used to store users' configuration and data
sda4 # swap space: only used by the running kernel
Example 2. This can be done for physical machines (PMs) but is better suited for virtual machines (VMs).
/dev/sda
sda1 # boot
/dev/sdb
sdb1 # root filesystem
/dev/sdc
sdc1 # users' home filesystem
/dev/sdd
sdd1 # swap space.
You can mix and match examples 1 and 2 to suite your needs.
I've looked into running Proxmox without Systemd and gave up. The version prior to Systemd's integration is just too outdated and lack all the functionality that make the newer version of Proxmox attractive. The Proxmox developers have stated that Proxmox and Systemd are so intertwined that Proxmox can not function without it and they have no intention of taking on a separation task.
A fork or a different hypervisor manger seems the only practical solution. I do not have the resources to fork it.
I've looked at the OpenNebula site with states that CentOS is under the hood. CentOS depends on Systemd which bring us back to square one.
I think it may be possible to install Qemu ZFS and Ceph on Devuan but it would lack the web graphical user interface (WGUI) and other niceties Proxmox provides.
Caieng
If you are seeking help to resolve issues you are having with Devuan printer, scanner, and sound functionality you need to state the details about the specific problems you are having one at a time. OS version, make and model of the devices, device related applications installed and their version, what you did to install the device, how did you test the its functionality, what you expected to happen, what happened and any system messages such as errors, warnings, etc. What related information are logged in the log files.
I.E., troubleshooting information.
The information you provided is too vague making it very difficult for anyone to help.
Printer and scanners are two completely different devices. Their design, functionality, purpose, usage, and how they are installed and their related software are different. Even though both devices maybe build and sold in a single package they are still two separate devices and their install and configuration are exclusive of each other. On GUN/Linux, in the this case Devuan, it is best to first install the printer and confirm its functionality then do the same with the scanner. Do the install of each and if it does not work provide the relevant troubleshooting information so that we can help you.
To answer your printer question, Devuan like most GNU/Linux system uses the CUPS printing system to print, therefore, the useful life of your printer depends on CUPS not Devuan. Additionally, CUPS use the printers’ PPD file to properly communicate with the printer. Basically, as long as there are not related fundamental changes to CUPS the original PPD file that worked before will continue to work.
To learn more about Linux printing research the following, some include compatibility lists and drivers:
CUPS
https://www.cups.org/
Open Printing
https://openprinting.github.io/
HP Linux Imaging and Printing (HP printers and scanners)
https://developers.hp.com/hp-linux-imaging-and-printing
For Linux scanning: SANE -Scanner Access Now Easy
http://www.sane-project.org/
The same goes for your sound problem: provide the relevant detailed troubleshooting information.
Making statements like “This is to my way of thinking, a killer, for this OS, if it isn't possible to fix, in a forthcoming iteration.” and similar appears to be ranting which does not encourage others to help you. The help provided here is voluntary. Reread your post and ask yourself this question. Would this encourage you help this person?
I run several Devuan print servers controlling hundreds of printers, old and new, and I’ve only had problems with WinPrinters and latest model printers. WinPrinters are deliberately designed to work only with MS Windows. For the latest model printers, extracting the PPD files from their driver package and coping it to the appropriate directory on the print server resolved the issue allowing for basic printing until a Linux package was released.
I’ve done countless install of all the previous and current stable versions of Devaun on physical and virtual machines (PMs an VMs) and found that sound just works! I too am no please with using Pulseaudio (another insane creation form the maker of ...), however, I’ll live with it until I can dedicate enough time to work on replacing it, or if some else shares a method.
I look forward to your next post which will hopefully include the relevant troubleshooting information.
Please clarify and provide more details on what is happening. What is FDE? What exactly can't you open anymore? When is this happening, what is being displayed, what are you typing, and what is the response shown? Is the problem happening during boot, at what stage, or after boot?
Additional packages can be installed during the installation. This is one way to do it.
Following the Devuan installation guide,
https://www.devuan.org/os/documentation … all-devuan,
additional packages/software can be installed after step
"18) The installer will now install the packages you selected. This will take some time.",
before step
"19) Next you will be asked to choose your preferred init system. The default in Devuan is sysvinit".
The newly installed system is mounted on /target during the installation process and is fully functional after step 18 above.
You can chroot into the new system at this time and use apt-get to install any available package.
You can make almost any changes at this time you would be able to make after the system installation has completed and you've booted into the newly installed system.
Here is the procedure.
1. Start the installation and following the instructions in the guide.
2. Wait until step "18) The installer will now install the packages you selected. This will take some time." has completed.
3. The prompt for "19) Next you will be asked to choose your preferred init system. The default in Devuan is sysvinit" will be displayed.
Do not proceed with selecting the init system you want to install at this time.
4. Press Alt+F2 on the keyboard to get to tty2 then press the Enter key.
You will be presented with the root user prompt.
5. Chroot into the newly installed system by entering the following command at the shell prompt.
chroot /target /bin/bash --login
After which you will be logged into the newly installed system just as if you booted it up and logged in.
6. Install the desired package such as the firmware-amd-graphics package by entering the following command.
apt-get install firmware-amd-graphics
7. Install any other packages needed.
8 When done, exit the chroot by entering the following command.
exit
9. Press Alt+F1 on the keyboard to get back to the installation.
Step "19) Next you will be asked to choose your preferred init system. The default in Devuan is sysvinit"
10. Continue the installation from this point as described in the installation guide.
Pages: 1