Diskussion:Install-Party/Linux Mint Debian Edition

Aus Wiki StuRa HTW Dresden
Zur Navigation springen Zur Suche springen

Installation mit Verschlüsselung

LMDE 3 meets https://gitlab.com/pepa65/lmdescrypt/raw/master/lmdescrypt ?

(default) disk layout

Calamares meets Btrfs

(nach der manuellen Partitionierung und) Angabe beim Programm für die Installation

cat /etc/fstab
# /etc/fstab: static file system information.
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=8f303b38-b7e7-4781-aa8e-f1559b5504d2 /boot          ext4    defaults,noatime 0 2
UUID=33436381-7031-48be-8785-a48061fcabd7 /              btrfs   subvol=@,defaults,noatime,space_cache,autodefrag 0 1
UUID=33436381-7031-48be-8785-a48061fcabd7 /home          btrfs   subvol=@home,defaults,noatime,space_cache,autodefrag 0 2
UUID=641494b3-d3a2-4c57-b022-cba4d00603f5 swap           swap    defaults,noatime 0 2
cat /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet resume=UUID=641494b3-d3a2-4c57-b022-cba4d00603f5"

cat /etc/crypttab
# /etc/crypttab: mappings for encrypted partitions.
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
# See crypttab(5) for the supported syntax.
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
# <name>               <device>                         <password> <options>

btrfs meets luks

cat /etc/fstab
/dev/sda1               /boot   btrfs   defaults,errors=remount-ro      0    1
/dev/mapper/vg-lv--swap none    swap    sw                              0    0
/dev/mapper/vg-lv--root /       btrfs   defaults,errors=remount-ro      0    1
/dev/mapper/vg-lv--home /home   btrfs   defaults,compress=lzo           0    1
proc    /proc   proc    defaults        0       0
cat /etc/crypttab
k-ot    UUID=8765dcba-ab12-cd34-ef56-123456abcdef       none    luks


cat /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash kopt=root=/dev/mapper/vg-lv--root"

sbin fehlt beim PATH

dpkg -i linux-UFRII-drv-v500-de/64-bit_Driver/Debian/cnrdrvcups-ufr2-uk_5.00-1_amd64.deb

Beachten Sie: PATH von root sollte normalerweise /usr/local/sbin, /usr/sbin und /sbin enthalten
export PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin

LMDE 4 mit verschlüsselten Massenspeicher und btrfs subvolumes (möglichst noch als mirror von 2 Geräten für Massenspeicher)

LMDE 6 "anderes Dateisystem"

Vorkenntnisse vor LMDE 6


Untersuchung Installation LMDE 6

standardmäßige Installation mit Verschlüsselung ext4 LMDE 6
nach dem Neustart in die Installation
cat /etc/crypttab
# <target name>	<source device>		<key file>	<options>
lvmlmde   UUID=3c96337f-bb08-4f9d-ba25-fe5d23afd680   none   luks,discard,tries=3
cat /etc/fstab
#### Static Filesystem Table File
proc	/proc	proc	defaults	0	0
# /dev/mapper/lvmlmde-root
UUID=ba9df8e4-a4fb-42f6-b3ef-682d8c3edd95 /  ext4 defaults 0 1
# /dev/mapper/lvmlmde-swap
UUID=9e412642-d11a-40f2-9c59-03f9a51f5e28 none   swap sw 0 0
# /dev/sda2
UUID=22a7ba7f-0999-43d8-90f2-34c85af6f167 /boot  ext4 defaults 0 1
# /dev/sda1
UUID=C002-8E9D /boot/efi  vfat defaults 0 1
cat /etc/default/grub.d/61_live-installer.cfg
#! /bin/sh
set -e

GRUB_CMDLINE_LINUX="cryptdevice=UUID=3c96337f-bb08-4f9d-ba25-fe5d23afd680:lvmlmde root=/dev/mapper/lvmlmde-root resume=/dev/mapper/lvmlmde-swap"
standardmäßige Installation ohne Verschlüsselung btrfs LMDE 6
während der Installation
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=3743316k,nr_inodes=935829,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=757356k,mode=755,inode64)
/dev/sdb1 on /run/live/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048,iocharset=utf8)
/dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime,errors=continue)
tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755,inode64)
overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work,redirect_dir=on)
tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,nodev,noexec,relatime,size=757356k,mode=755,inode64)
/dev/sdb1 on /usr/lib/live/mount/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048,iocharset=utf8)
/dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime,errors=continue)
tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,mode=755,inode64)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12771)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
ramfs on /run/credentials/systemd-sysusers.service type ramfs (ro,nosuid,nodev,noexec,relatime,mode=700)
ramfs on /run/credentials/systemd-tmpfiles-setup-dev.service type ramfs (ro,nosuid,nodev,noexec,relatime,mode=700)
ramfs on /run/credentials/systemd-sysctl.service type ramfs (ro,nosuid,nodev,noexec,relatime,mode=700)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,inode64)
ramfs on /run/credentials/systemd-tmpfiles-setup.service type ramfs (ro,nosuid,nodev,noexec,relatime,mode=700)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=757356k,nr_inodes=189339,mode=700,uid=1000,gid=1000,inode64)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
/dev/loop0 on /source type squashfs (ro,relatime,errors=continue)
/dev/sda3 on /target type btrfs (rw,relatime,ssd,space_cache=v2,subvolid=256,subvol=/@)
/dev/sda3 on /target/home type btrfs (rw,relatime,ssd,space_cache=v2,subvolid=257,subvol=/@home)
/dev/sda2 on /target/boot type btrfs (rw,relatime,ssd,space_cache=v2,subvolid=5,subvol=/)
nach dem Neustart in die Installation
cat /etc/crypttab
# <target name>	<source device>		<key file>	<options>
cat /etc/fstab
#### Static Filesystem Table File
proc	/proc	proc	defaults	0	0
# /dev/sda3
UUID=b84bec73-29b9-4e62-a830-5069650680af	/	btrfs	defaults,subvol=@	00
UUID=b84bec73-29b9-4e62-a830-5069650680af	/home	btrfs	defaults,subvol=@home	0	0
# /dev/sda2
UUID=dea84151-1736-439a-8127-a45f2a7feb75	/boot	btrfs	defaults	0	0
# /dev/sda1
UUID=FDD2-C26F	/boot/efi	vfat	defaults	0	1
cat /etc/default/grub.d/61_live-installer.cfg

Erarbeitung Verschlüsslung und btrfs




sudo live-installer-expert-mode

/target ist die das gewünschte Ziel! Alles Nachfolgende wird aber noch mit /mnt/target angegeben.

sudo mkdir /mnt/target
sudo mount -o subvol=@ /dev/mapper/lvmlmde-root /mnt/target
sudo mkdir /mnt/target/home
sudo mount -o subvol=home /dev/mapper/lvmlmde-root /mnt/target/home
sudo rsync -avz /run/live/medium/casper/filesystem.squashfs/ /mnt/target/


sudo mkdir /mnt/target/dev
sudo mount --bind /dev /mnt/target/dev
sudo mkdir /dev/pts /mnt/target/dev/pts
sudo mount --bind /dev/pts /mnt/target/dev/pts
sudo mkdir /mnt/target/dev/shm
sudo mount --bind /dev/shm /mnt/target/dev/shm
sudo mkdir /mnt/target/proc
sudo mount --bind /proc /mnt/target/proc
sudo mkdir /mnt/target/sys
sudo mount --bind /sys /mnt/target/sys
sudo mkdir /mnt/target/tmp
sudo mount --bind /tmp /mnt/target/tmp
sudo mkdir /mnt/target/
cp -f /etc/resolv.conf /mnt/target/etc/resolv.conf
chroot /mnt/target

(bevorzugte) Verwendung von zram aktivieren

Bei einer standardmäßigen Installation (ohne Verschlüsselung) mit btrfs wird anscheinend keine Partition (und keine Datei) für SWAP erstellt. (Gut! Stattdessen kann - zeitgemäßer - zram verwendet werden.)

apt install zram-tools
systemctl status zramswap.service
systemctl is-enabled zramswap.service
systemctl is-active zramswap.service