…I couldn’t think of a longer title :)
Here’s the situation: I have a desktop which ran Debian Etch and later Lenny, and now I want to run Ubuntu Intrepid on it. Some might say that you could use the wonders of APT to dist-upgrade the system, but that seemed a bit of a long stretch to me. In any case, getting a fresh installation would be a lot easier.
However, I wanted to keep the partitions which had been carefully layed-out when I installed Etch: I mostly followed the recipe that’s in this earlier post of mine, which produced an encrypted volume with a few LVM volumes inside that. Keeping this structure saves you
- moving the data in /home back and forth (actually, the forth part is still necessary, because you wouldn’t want to do this without backups, but at least you save yourself the back part)
- going through the whole encrypted/LVM partitioning-shebang again (although you could reasonably opt out of filling the disk with random bits since that’s happened before)
- uhm, I can’t remember point three…
Here’s the little problem: the Intrepid alternate installer doesn’t give you the option of opening existing LUKS volumes or activating LVM volumes. Luckily, I found some hints in this Debian bug-report. In fact going by the pointers that FJP gives there, you don’t really need me to tell you anything more – but I’ll still do it anyway to document that/how it works with the Intrepid alternate installer.
Some time before you enter the partitioner, you change to another console (e.g. Ctrl-Alt-F2), and type
modprobe dm-mod modprobe aes cryptsetup luksOpen /dev/sdx2 sdx2_crypt # replace x and 2 # enter the passphrase... vgchange -a y group_name # replace group_name
After that, you can go into the partitioner, and your LVM volumes will appear. If you do the above after entering the partitioner, it doesn’t recognise them correctly for some reason that’s too deep for me to grasp. Now you’ll still have to set the mount points, and you need to be careful when choosing which volumes to format (not /home, for example). The installation then proceeds as usual. Read on before you reboot though:
I rebooted straight after the install finished, and ran into the problem that the installer hadn’t written /etc/crypttab, so that the encrypted volume did not get unlocked and booting failed. It was easily fixable, using the install-cd in rescue mode. For some reason in rescue mode it asks the same questions as during the install, but I ignored that and asked for a command prompt (it’s in the menu, sorry I didn’t take screenshots…):
modprobe dm-mod modprobe aes cryptsetup luksOpen /dev/sdx2 sdx2_crypt # replace as before # enter passphrase vgchange -a y group_name mkdir /target # don't worry, this is in temporary space mount -t ext3 /dev/group_name/root_vol /target # mount your root dir ("/") mount -t ext3 /dev/group_name/home_vol /target/home # optional? mount -t ext3 /dev/sdx1 /target/boot # replace x and 1 mount -t proc /proc /target/proc mount -t sysfs /sys /target/sys chroot /target
Now, you’re not fiddling in temporary space anymore – just thought I’d mention it. Oh and for some reason mount complained when I tried this without specifying the ext3 filesystem types, I don’t see why. Let’s continue: we’re going to make an entry in /etc/crypttab, and then rebuild the boot image.
echo "sdx2_crypt /dev/sdx2 none luks" >> /etc/crypttab update-initramfs -u all
This rewrites the initrd images in your /boot, so that next time they’ll ask you to unlock the cryptodisk. I would not do the echoing, preferring an editor instead, but you get the idea. Most probably, you can also do all this before rebooting after the installer has done its work – that would save you some hassle (let me know if that works for you, thanks!).
Finally, in case you’re curious: Intrepid Ibex is quite neat. I’ll be a frequent user of the on-the-fly guest account feature…