I decided to blow away the FrankenDebian I created on sda2. It's gone, but I have a Macrium Reflect Forensic backup so I can put it back in under 30 minutes (80 gig). Moving on. I am doing a 10.3 install (verified installer disk) of Debian on sda2. I am going to paste the process but feel free to skip to the bottom because that is where I am stuck.

_______________________________________

LVM on Luks1 on sda2 and naming it Vault

** Boot up the Debian installer in expert mode [DEBCONFIG priority set to LOW] --> Load(space bar): mirror, crypto module, & rescue mode. Then --> Detect Disks and:

** [Before "Partition disks", hit Left-Alt-F2, and then …] **

modprobe dm-crypt
cryptsetup luksFormat --type luks1 -c serpent-xts-plain64 -s 512 -h sha512 -i 25000 /dev/sda2 #create password and verify it
cryptsetup open --type luks /dev/sda2 Vault # enter password
pvcreate /dev/mapper/Vault # name is discretionary (Vault)
vgcreate debian /dev/mapper/Vault
lvcreate -L 15G debian -n root
lvcreate -L 8G debian -n swap
lvcreate -l 100%FREE debian -n home

** [Now Left-Alt-F1, and then …] **

Now proceed with partitioning from the menu. Remember to select all filesystems correctly and 4 mountpoints. [/, /home, swap, /boot] #device mapper will show them

Install the base system, configure package manager, etc, etc. When it's almost finished, STOP, when the installer says "INSTALL GRUB BOOT LOADER ONTO A HARD DISK" STOP !!!!!!!!!

** [Now Left-Alt-F2, and then …] **

chroot /target /bin/bash
nano /etc/crypttab #add in: Vault /dev/sda2 none luks
exit 2 times, (Ctrl X) (confirm one line wrote – should see that note)

[Now Left-Alt-F1, and then ...]

Finish installation --> install bootloader directly on the USB flash which will show as an option.

_______________________________________

I am getting the following error that I never received on my other installations:

chroot: failed to run command ‘/bin/bash’: No such file or directory

Reading around online until I get home.
This appears to be a common error. The following suggestion seemed plausible and worked for another user.

chroot: failed to run command ‘/bin/bash’: No such file or directory
cp /bin/busybox bin/sh
chroot /bin/sh ### works!(maybe no sudo)
# /

Does this solution seem reasonable? Any other suggestions? I know this is something simple because my machine is running 3 similarly created OS's, but they are a couple years old. My BIOS is set to legacy with CSM support. It came with UEFI but I don't use it. I don't know what has changed but I am reading about this in several places so something in the installer changed? BTW- as soon as I install this I will update to Buster immediately. This is a bare install with 9.12 because it offers a great expert mode installer.
Have you seen https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html ? And https://savannah.gnu.org/bugs/?55093 ? My current hosts are running jessie, and I'll need to update this part of my IVPN guides. I've never done the read-only USB /boot thing, but now it should supposedly work in buster, with everything using LVM2.
I installed my Debian using Debian Live. In a GUI terminal emulator I used debootstrap and other tools. Then I edited some files and chrooted to the directory manually to install some more packets including kernel and bootloader. Here is a starting point for your research if you are interested: https://wiki.debian.org/Debootstrap
Still a work in progress here. I am not too concerned about having /boot encrypted since I use removable flash sticks to mount Debian. I always pull the /boot stick after updating the host, and before going to "workspace" in my VM's. I am just starting out on LUKS2, but for now this is my project. Mirimir, when I was running Jessie (like your hosts) I never ran into this. Getting closer.
Guys, I went back to 10.3 since it makes no sense to install anything other than Buster. Same result. Install is easy and obvious BUT it won't boot. I don't care if I place the /boot files on a small 256 meg partition or a USB, it fails to boot. I am 99.9% certain the install down to the installation of the bootloader is perfect. You see the steps above in the OP post. Lost here but reading. Is there a simple initramfs or shell process that can get me to the point where I can see a map or whatever I need to fix this? I could open the installed (but not working) OS using a live disk and search the fstab or whatever to get anything I might need. Frustrating and yet interesting. Something is staring me right in the face but I just can't see it.
Have you tried with stretch? If that works, you could just try upgrading to buster. As long as you're not encrypting /boot, you won't run into that issue of GRUB2 not supporting LVM2. I'm getting a sense that a lot changed in buster. Maybe that explains the name
Code:
chroot: failed to run command ‘/bin/bash’: No such file or directory

This worries me, chroot is not finding bash shell and that's not okay. Does that happen every time after installation?

Yea, that gives you shell alright... but usually 'sh' is just a symlink to the real shell (that is bash in many cases... or dash also gets used a lot). And busybox is normally used only inside the initramfs file that often does the booting-up thing (like handling luks) before kicking up the real system and real shell (bash).

It all looks very messed up... especially when encryption is thrown into the mix, so it's hard to know if it's a failed grub install at the end of installation or some other piece of software (missing bash) that is failing.

EDIT: In the old days (at least before grub2), you could give "init=/bin/sh" as a kernel command-line parameter in the grub boot menu (just select the wanted grub/grub2 boot menu option and press 'e') to boot into a poor man's rescue shell, but I don't know if it still works or if the name changed (vaguely remember reading somewhere that it's rdinit now that is used for initramfs but not sure...). But of course, if the root partition is encrypted then this gives very little joy to poking around....
No, thankfully. This only happened once and never again. Just to remove any likely issues with Luks2 on Buster I added --type luks1 to the command line to tell Debian to use luks1 over luks2, which is now default on Buster. When I try to boot (again the PV and VG are named "Vault") I only see "volume group debian not found" on the screen and for whatever reason it pauses waiting and then drops to initramfs. I have a few thoughts and figured I'd ask here. First, I have several WORKING Buster systems on this machine but they came about as upgrades from Stretch (all these are booting from independent USB sticks). Wondering if I had a look inside Grub on the working "sticks" to see if something stands out compared to the Grub on my failed stick installs? Also, maybe open a live disk and look around inside the installed system for anything, fstab and similar, to try and detect something missing. Truth be told I was hoping to play around some with Luks2 but for now I am sticking with version 1.
Got it finally!! Non-conventional solution but working super. I have been trying to install 10.3 clean on the same partition where my FrankenDebian resided. After thinking about it I reasoned that the USB /boot file for the FrankenDebian could be made to work on the fresh install after a bit of editing. I went that route. The FrankenDebian was fully updated and running Buster 10.3. I did NOT want to modify /boot so I edited the fresh 10.3 partition install using an Ubuntu Live disk. Fstab was changed to match the /boot UUID. I used cryptsetup to change the LUKS header UUID on the fresh install to "match" what the /boot flash was looking for. I opened and edited crypttab as needed. It fired up instantly and has been running great for a few days now! Wish I understood why I had to go this route. I really spent some time on this and these edits just came to me while I was sitting in a chair and visualizing the "handshake" between the flash and the partition. Running flawless, except for one item. Starting a new thread to deal with the gnome terminal and PASTING.
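A consistency check for the UUID and crypttab mismatch described in the last post, as an added example that is not part of the thread: it compares each crypttab source against saved `blkid` output and flags entries that point at a missing or non-LUKS device. The function names, sample UUIDs and file contents are constructed; on a real system the dump would come from running `blkid` as root and the crypttab would be the installed system's `/etc/crypttab`.

```shell
#!/bin/sh
# Added example (not from the thread): check that every crypttab source
# resolves to a LUKS container in saved `blkid` output.

# lookup SOURCE BLKID_DUMP: print the matching blkid line, if any.
lookup() {
    case "$1" in
        UUID=*) grep -F " UUID=\"${1#UUID=}\"" "$2" ;;
        *)      grep -F "$1: " "$2" ;;
    esac | head -n 1
}

# check_crypttab CRYPTTAB BLKID_DUMP: one status line per entry; the exit
# status is the number of entries whose source is missing or not LUKS.
check_crypttab() {
    bad=0
    while read -r name source _key _opts; do
        case "$name" in ''|'#'*) continue ;; esac
        line=$(lookup "$source" "$2")
        if [ -z "$line" ]; then
            echo "$name: MISSING $source"; bad=$((bad + 1))
        elif ! printf '%s\n' "$line" | grep -q 'TYPE="crypto_LUKS"'; then
            echo "$name: NOT_LUKS $source"; bad=$((bad + 1))
        else
            echo "$name: OK $source"
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample data: sda2 was re-formatted and so has a new LUKS UUID,
# while crypttab.stale still names the old one.
tmp=$(mktemp -d)
cat > "$tmp/blkid.txt" <<'EOF'
/dev/sda1: UUID="1111-AAAA" TYPE="vfat" PARTUUID="00000000-01"
/dev/sda2: UUID="aaaaaaaa-0000-4000-8000-000000000002" TYPE="crypto_LUKS" PARTUUID="00000000-02"
EOF
cat > "$tmp/crypttab.good" <<'EOF'
# <name> <source> <keyfile> <options>
Vault /dev/sda2 none luks
EOF
cat > "$tmp/crypttab.stale" <<'EOF'
Vault UUID=aaaaaaaa-0000-4000-8000-000000000001 none luks
Boot /dev/sda1 none luks
EOF
check_crypttab "$tmp/crypttab.good" "$tmp/blkid.txt" || true
check_crypttab "$tmp/crypttab.stale" "$tmp/blkid.txt" || echo "$? entries need attention"
```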