Welcome
Welcome to refracta

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Unencrypt volume

Ask your questions here.

Re: Unencrypt volume

Postby aquilarubra » Sun Oct 26, 2014 5:15 pm

Just found: https://bugs.debian.org/cgi-bin/bugrepo ... bug=522041
"cryptsetup which is responsible for it's own hooks and conf/conf.d/cryptroot"

So, definitely my purging/reinstalling of cryptsetup was the reason it didn't ask for the password any more.

From a lot of threads (see for example https://projectgus.com/2013/05/encrypte ... an-wheezy/), it becomes clear that they cannot mount an encrypted filesystem if /conf/conf.d/cryptroot config file is missing. There are discussion how to recreate it, to mount luks encrypted volumes. So, if you just delete it, problem solved.
aquilarubra
 
Posts: 39
Joined: Wed Sep 10, 2014 7:07 am

Re: Unencrypt volume

Postby aquilarubra » Sun Oct 26, 2014 5:26 pm

Finally a good walkthrough: http://blog.nguyenvq.com/blog/2014/07/2 ... ypted-lvm/

Strangely, I did not have a etc/initramfs-tools/conf.d/cryptroot

However, it mentions a line in etc/default/grub:

GRUB_CMDLINE_LINUX="cryptopts=target=sdb5_crypt,source=/dev/sda5,lvm=vg01"

I don't have encrypted partitions any more. Can you check if you find this line in the grub file? Maybe it is this that causes update-initramfs to att cryptroot.
aquilarubra
 
Posts: 39
Joined: Wed Sep 10, 2014 7:07 am

Re: Unencrypt volume

Postby fsmithred » Sun Oct 26, 2014 5:41 pm

No, I don't have etc/initramfs-tools/cryptroot. I did have it on a previous installation that used encrypted lvm, but without the lvm, I don't get that file. I recall going through some of this in the past, but it was a different problem.

Also, nothing about cryptopts in etc/default/grub.

I tried the fixes in this thread, but they didn't work -
https://bugs.launchpad.net/ubuntu/+sour ... ug/1256730
(add 'CRYPTSETUP=n' and 'export CRYPTSETUP=n' to a couple of files)

Testing deletion of conf/conf.d/cryptroot now. Will get to boot the iso in a little while.
User avatar
fsmithred
 
Posts: 1987
Joined: Wed Mar 09, 2011 9:13 pm

Re: Unencrypt volume

Postby fsmithred » Sun Oct 26, 2014 6:30 pm

Yes, deleting cryptroot works better. No error message this time. I'll fix the directions above.
User avatar
fsmithred
 
Posts: 1987
Joined: Wed Mar 09, 2011 9:13 pm

Re: Unencrypt volume

Postby aquilarubra » Mon Oct 27, 2014 7:37 am

Can this be automated in refracta tools? Like a check on initrd, and if it finds the cryptroot and crypttab files and entries in fstab, it just deletes them and repacks? Maybe it should happen before any other thing.
aquilarubra
 
Posts: 39
Joined: Wed Sep 10, 2014 7:07 am

Re: Unencrypt volume

Postby fsmithred » Mon Oct 27, 2014 10:05 am

Yes, I was thinking that it should test to see if the snapshot is being made on an encrypted system, and if so, give a warning that the snapshot will not be encrypted, then if the user chooses to proceed, edit the initrd. It needs to happen after the copy of the system is made and before the filesystem gets squashed. The user interaction can happen near the beginning. Some of the code for this is already written (in dzz's patch_initrd, which is part of refracta2usb.)
User avatar
fsmithred
 
Posts: 1987
Joined: Wed Mar 09, 2011 9:13 pm

Re: Unencrypt volume

Postby aquilarubra » Mon Oct 27, 2014 10:59 am

You could even leave a choice, allowing an encrypted snapshot to be created, alerting that it can be used as a backup to access current system ONLY (well, despite CTRL+D will allow to boot anyway).

The next question is: if somebody wants to use a liveCD to rescue a system using encrypted partitions... he will have to follow some guidelines. It won't happen auto-magically. So, it is a good idea to allow to create a snapshot to rescue at least one's personal system.
aquilarubra
 
Posts: 39
Joined: Wed Sep 10, 2014 7:07 am

Re: Unencrypt volume

Postby fsmithred » Mon Oct 27, 2014 11:51 am

I don't think an encrypted snapshot is possible at this time. Leaving cryptroot and crypttab files in place might allow the snapshot to be used to restore to the same system. I think you'd have to do it without formatting the partitions, so that the uuids didn't change. Have to think about that one some more.

Rescuing data from encrypted partitions is possible with all versions of refracta and every live-build I've ever made. As long as cryptsetup is included in the build, you can manually open and mount luks encrypted partitions to access the data.

Repairing a broken encrypted system is another story. It might be easier to reinstall to new encrypted partitions. I guess it depends on what's broken.

For the initrd repack, I'm thinking it might make sense to allow it to be patched the same as in refracta2usb, at least to allow using swap if there are swap partitions available. That still doesn't work right in live-boot 4.0.0-1.
User avatar
fsmithred
 
Posts: 1987
Joined: Wed Mar 09, 2011 9:13 pm

Re: Unencrypt volume

Postby fsmithred » Mon Oct 27, 2014 5:43 pm

Swap works with dzz's patch for /lib/live/boot/3020-swap. I tried it with "swapon" and "swap=/dev/sda1" in the boot command with the same result. I don't think naming one swap partition would stop it from using a second one if it's available, but I didn't test that.

I didn't run the patch, I made the changes manually, but I think the line numbers are still the same. Patch was for 4.0~alpha21, and I'm using 4.0.0-1. I made the edits in the installed system, ran 'update-initramfs -u' and then ran refractasnapshot. (Do not use the no_copy option here.)

Oh well, I can't post the patch here; it has a dirty word in it. Download and boot the iso I'm about to upload, and you can look at the file there.
User avatar
fsmithred
 
Posts: 1987
Joined: Wed Mar 09, 2011 9:13 pm

Re: Unencrypt volume

Postby aquilarubra » Wed Oct 29, 2014 7:06 pm

Lol, ok. Will there be a repack of Refracta Snapshot?
aquilarubra
 
Posts: 39
Joined: Wed Sep 10, 2014 7:07 am

PreviousNext

Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

suspicion-preferred