Difference between pages "Rootfs over encrypted lvm" and "Package:Debian-sources"

(Difference between pages)
m (better-initramfs: typo)
 
(Created page with "{{Ebuild |Summary=This is the Debian kernel. This is default recommended kernel to use in http://www.funtoo.org/Funtoo_Linux_Installation |CatPkg=sys-kernel/debian-sources |Ma...")
 
Line 1: Line 1:
This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted drive. It is not meant to be a standalone installation guide, rather, it is meant to be read alongside the [[Funtoo Linux Installation]] Guide.  
+
{{Ebuild
 
+
|Summary=This is the Debian kernel. This is default recommended kernel to use in http://www.funtoo.org/Funtoo_Linux_Installation
== Prepare the hard drive and partitions ==
+
|CatPkg=sys-kernel/debian-sources
This is an example partition scheme, you may want to choose differently.
+
|Maintainer=Oleg,
<code>/dev/sda1</code> used as <code>/boot</code>. <code>/dev/sda2</code> will be encrypted drive with LVM.
+
|Homepage=http://www.funtoo.org/Funtoo_Linux_Kernels
* <code>/dev/sda1</code> -- <code>/boot</code> partition.
+
* <code>/dev/sda2</code> -- BIOS boot partition (not needed for MBR - only needed if you are using GPT) This step required for GRUB2. For more info, see: [http://www.funtoo.org/Funtoo_Linux_Installation#Prepare_Hard_Disk] for more information on GPT and MBR.
+
* <code>/dev/sda3</code> -- <code>/</code> partition, will be the drive with LUKS and LVM.
+
 
+
With UEFI:
+
* <code>/dev/sda1</code> -- <tt>/boot</tt>
+
* <code>/dev/sda2</code> -- <tt>/</tt> partition
+
 
+
=== Wipe the hard drive ===
+
<console>
+
# ##i##gdisk /dev/sda
+
 
+
Command: ##i##x ↵
+
Expert command: ##i##z ↵
+
About to wipe out GPT on /dev/sda. Proceed?: ##i##y ↵
+
GPT data structures destroyed! You may now partition the disk using fdisk or other utilities.
+
Blank out MBR?: ##i##y ↵
+
</console>
+
{{Fancywarning|This action will destroy all data on the disk.}}
+
 
+
== Encrypting the drive ==
+
Read more about different cipher options here: [http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/]
+
<console>
+
# ##i##cryptsetup --cipher aes-xts-plain64 luksFormat /dev/sda3
+
# ##i##cryptsetup luksOpen /dev/sda3 dmcrypt_root
+
</console>
+
There you'll be prompted to enter your password phrase for encrypted drive, type your paranoid password there.
+
{{Fancywarning|The default keymap at boot time is '''us'''. If you enter your passphrase using a different keymap, you won't be able to unlock your crypt volume if the passphrase contains any characters that are located elsewere on your keyboard layout that with the us layout.}}
+
= Create logical volumes =
+
<console>
+
# ##i##pvcreate /dev/mapper/dmcrypt_root
+
# ##i##vgcreate vg /dev/mapper/dmcrypt_root
+
# ##i##lvcreate -L10G --name root vg         
+
# ##i##lvcreate -L2G --name swap vg
+
# ##i##lvcreate -L5G --name portage vg
+
# ##i##lvcreate -l 100%FREE -nhome vg
+
</console>
+
Feel free to specify your desired size by altering the numbers after the -L flag. For example, to make your portage dataset 20GB's, use the flag -L20G instead of -L5G.
+
{{fancynote| Please, notice that above mentioned partitioning scheme is an example and not a default recommendation, change it accordingly to desired scheme.}}
+
 
+
= Create a filesystem on volumes =
+
<console>
+
# ##i##mkfs.ext2 /dev/sda1
+
# ##i##mkswap /dev/mapper/vg-swap
+
# ##i##mkfs.ext4 /dev/mapper/vg-root
+
# ##i##mkfs.ext4 /dev/mapper/vg-portage
+
# ##i##mkfs.ext4 /dev/mapper/vg-home
+
</console>
+
 
+
= Basic system setup =
+
<console>
+
# ##i##swapon /dev/mapper/vg-swap
+
# ##i##mkdir /mnt/funtoo
+
# ##i##mount /dev/mapper/vg-root /mnt/funtoo
+
# ##i##mkdir -p /mnt/funtoo/{boot,usr/portage,home}
+
# ##i##mount /dev/sda1 /mnt/funtoo/boot
+
# ##i##mount /dev/mapper/vg-portage /mnt/funtoo/usr/portage
+
# ##i##mount /dev/mapper/vg-home /mnt/funtoo/home
+
</console>
+
Now perform all the steps required for basic system install, please follow [http://docs.funtoo.org/wiki/Funtoo_Linux_Installation]
+
don't forget to emerge the following before your install is finished:
+
 
+
* '''cryptsetup'''
+
* '''lvm2'''
+
* '''a bootloader (grub recommended)'''
+
* '''kernel sources '''
+
 
+
= Editing the fstab =
+
Fire up your favorite text editor to edit <code>/etc/fstab</code>. You want to put the following in the file:
+
 
+
{{file|name=/etc/fstab|desc= |body=
+
# <fs>                  <mountpoint>  <type>    <opts>                          <dump/pass>
+
/dev/sda1              /boot        ext2      noauto,noatime                  1 2
+
/dev/mapper/vg-swap    none          swap      sw                              0 0
+
/dev/mapper/vg-root    /            ext4      noatime,nodiratime,defaults    0 1
+
/dev/sr0                /mnt/cdrom    auto      noauto,ro                      0 0
+
/dev/mapper/vg-portage  /usr/portage  ext4      noatime,nodiratime              0 0
+
/dev/mapper/vg-home    /home        ext4      noatime,nodiratime              0 0
+
 
}}
 
}}
 
+
== Introduction ==
== Kernel options ==
+
This is the Debian kernel. It is roughly equal to a kernel shipped by Debian Linux in their releases. Ebuild now support the <code>binary</code> USE flag. The aim of this ebuild is to have support for near all possible hardware and users shouldn't really dig into configs, aka "install and forget".  Daniel has added a special config-extract command which can be used to list all available official Debian kernel configurations, and generate them from the Debian files included with the kernel.  
{{fancynote| This part is particularly important: pay close attention. }}<br>
+
== Usage ==
{{kernelop
+
|title=
+
|desc=
+
General setup --->
+
      [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
+
}}
+
{{kernelop
+
|title=
+
|desc=
+
Device Drivers --->
+
      Generic Driver Options --->
+
      [*] Maintain a devtmpfs filesystem to mount at /dev
+
}}
+
{{kernelop
+
|title=
+
|desc=
+
Device Drivers --->
+
      [*] Multiple devices driver support --->
+
      <*>Device Mapper Support
+
        <*> Crypt target support
+
}}
+
{{kernelop
+
|title=
+
|desc=
+
Cryptographic API --->
+
      <*> XTS support
+
      -*-AES cipher algorithms
+
}}
+
 
+
= Initramfs setup and configuration =
+
== Better-initramfs ==
+
'''Build your initramfs with [https://bitbucket.org/piotrkarbowski/better-initramfs better-initramfs] project.'''
+
 
+
{{fancynote| better-initramfs supports neither dynamic modules nor udev, so you should compile your kernel with built-in support for your block devices and file system support.}}
+
 
+
<console>
+
# ##i##cd /opt
+
# ##i##git clone git://github.com/slashbeast/better-initramfs.git
+
# ##i##cd better-initramfs
+
# ##i##less README.rst
+
# ##i##bootstrap/bootstrap-all
+
# ##i##make prepare
+
# ##i##make image
+
</console>
+
 
+
Copy resulting <code>initramfs.cpio.gz</code> to <code>/boot</code>:
+
<console># ##i##cp output/initramfs.cpio.gz /boot</console>
+
 
+
Alternatively, a pre-compiled binary initramfs is available at https://bitbucket.org/piotrkarbowski/better-initramfs/downloads
+
<console>
+
# ##i##wget https://bitbucket.org/piotrkarbowski/better-initramfs/downloads/release-x86_64-v0.7.2.tar.bz2
+
# ##i##tar xf release-x86_64-v0.5.tar.bz2
+
# ##i##cd release*
+
# ##i##gzip initramfs.cpio
+
# ##i##cp initramfs.cpio.gz /boot
+
</console>
+
 
+
Remember, better-initramfs project is a work in progress, so you need to update from time to time. It can be done easily with <code>git</code>. Go to the better-initramfs source dir and follow:
+
<console>
+
# ##i##cd /opt/better-initramfs
+
# ##i##git pull
+
# ##i##less ChangeLog
+
</console>
+
{{fancynote| Please read the ChangeLog carefuly and perform necessary updates to <code>/etc/boot.conf</code>. Also, please backup the working <code>/boot/initramfs.cpio.gz</code> and <code>/etc/boot.conf</code> before updating better-initramfs.}}
+
Alternatively and much faster is to install better-initramfs-bin package, recently added to Funtoo's portage tree:
+
<console>
+
# ##i##emerge better-initramfs-bin
+
</console>
+
 
+
== Genkernel ==
+
Funtoo's genkernel capable to create initramfs for encrypted drive. Compile and install kernel and initramfs of your favorite kernel sources:
+
<console>
+
# ##i##genkernel --kernel-config=/path/to/your/custom-kernel-config --no-mrproper --makeopts=-j5 --install --lvm --luks all </console>
+
 
+
== Bootloader Configuration ==
+
=== Grub2 configuration ===
+
==== better-initramfs ====
+
An example <code>/etc/boot.conf</code> for better-initramfs:
+
 
+
<pre>
+
boot {
+
  generate grub
+
  default "Funtoo Linux"
+
  timeout 3
+
}
+
"Funtoo Linux" {
+
  kernel vmlinuz[-v]
+
  initrd /initramfs.cpio.gz
+
  params += enc_root=/dev/sda3 lvm luks root=/dev/mapper/vg-root rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
+
}
+
</pre>
+
 
+
Now, run <code>boot-update</code> to write the configuration files to <code>/boot/grub/grub.cfg</code>
+
 
+
==== genkernel ====
+
Configure the bootloader as described above, with correct kernel and initramfs images names. An example for genkernel and grub2. You will be editing <code>/etc/boot.conf</code>:
+
 
+
<pre>
+
boot {
+
  generate grub
+
  default "Funtoo Linux"
+
  timeout 3
+
}
+
"Funtoo Linux" {
+
  kernel kernel-genkernel-x86_64-3.13.0
+
  initrd initramfs-genkernel-x86_64-3.13.0
+
  params += crypt_root=/dev/sda3 dolvm real_root=/dev/mapper/vg-root  rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
+
}
+
</pre>
+
 
+
=== Lilo configuration ===
+
For oldschool geeks, an example for lilo bootloader. Emerge lilo with device-mapper support
+
<console>
+
# ##i##echo 'sys-boot/lilo device-mapper' >> /etc/portage/package.use/lilo
+
# ##i##emerge lilo
+
</console>
+
 
+
Example <code>/etc/lilo.conf</code> for genkernel:
+
 
+
<pre>
+
append="init=/linuxrc dolvm crypt_root=/dev/sda2 real_root=/dev/mapper/vg-root"
+
boot=/dev/sda
+
compact
+
default=funtoo
+
lba32
+
prompt
+
read-only
+
timeout=50
+
image=/boot/kernel-genkernel-x86_64-3.13.0
+
initrd=/boot/initramfs-genkernel-x86_64-3.13.0
+
label=funtoo
+
</pre>
+
 
+
=== Syslinux bootloader setup ===
+
Syslinux is another advanced bootloader which you can find on all live CD's. Syslinux bootloader does not require additional BIOS boot partition. /dev/sda2 is the root partition.
+
<console>
+
# ##i##emerge syslinux
+
# ##i##mkdir /boot/extlinux
+
# ##i##extlinux --install /boot/extlinux
+
# ##i##dd bs=440 conv=notrunc count=1 if=/usr/share/syslinux/mbr.bin of=/dev/sda
+
- or -
+
# ##i##sgdisk /dev/sda --attributes=1:set:2
+
# ##i##dd bs=440 conv=notrunc count=1 if=/usr/share/syslinux/gptmbr.bin of=/dev/sda, for GPT partition
+
</console>
+
 
+
Example <code>/boot/extlinux/extlinux.conf</code> for better-initramfs:
+
 
+
<pre>
+
LABEL kernel1_bzImage-3.2.1
+
MENU LABEL Funtoo Linux bzImage-3.2.1
+
LINUX /bzImage-3.2.1
+
INITRD /initramfs.cpio.gz
+
APPEND rootfstype=ext4 luks enc_root=/dev/sda2 lvm root=/dev/mapper/vg-root
+
</pre>
+
 
+
== Final steps ==
+
Umount everything, close encrypted drive and reboot
+
<console>
+
# ##i##umount -l -v /mnt/funtoo/{dev, proc, home, usr/portage, boot}
+
# ##i##vgchange -a n
+
# ##i##cryptsetup luksClose /dev/sda2 dmcrypt_root
+
</console>
+
After reboot you will get the following:
+
<console>
+
>>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
+
>>> Create all the symlinks to /bin/busybox.
+
>>> Initiating /dev/dir
+
>>> Getting LVM volumes up (if any)
+
Reding all physical volumes. This make take awhile...
+
No volume group found
+
No volume group found
+
>>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
+
Enter passphrase fore /dev/sda2:
+
</console>
+
Type your password
+
 
+
 
<console>
 
<console>
>>> Again, getting LVM volumes up (if any, after map dmcrypt).
+
###i## echo "sys-kernel/debian-sources binary" >> /etc/portage/package.use
  Reading all physical volumes.  This may take a while...
+
###i## emerge debian-sources
  Found volume group "vg" using metadata type lvm2
+
###i## nano -w /etc/boot.conf
  4 logical volume(s) in volume group "vg" now active
+
###i## boot-update
>>> Mounting rootfs to /newroot
+
>>> Umounting /sys and /proc.
+
>>> Switching root to /newroot and executing /sbin/init.
+
INIT: version 2.88 booting
+
Loading /libexec/rc/console/keymap
+
  OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
+
...boot messages omitted for clarity
+
 
+
orion login: oleg
+
Password:
+
Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
+
oleg@orion ~ %
+
 
</console>
 
</console>
 
+
{{fancyimportant|1=
== Additional links and information ==
+
<code>debian-sources</code> with <code>binary</code> USE flag also automatically installing a /usr/src/linux symlink pointing to debian kernel.}}
* [[gentoo-wiki:Root filesystem over LVM2, DM-Crypt and RAID|Root filesystem over LVM2, DM-Crypt, and RAID]]
+
== Advanced use ==
* [http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt System Encryption with LUKS for dm-crypt]
+
Additional information about using <code>config-extract</code> tool and genkernel tips can be found here:
* [http://en.wikipedia.org/wiki/Logical_volume_management Wikipedia article on LVM]
+
http://www.funtoo.org/Funtoo_Linux_Kernels
* [https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS Arch Wiki article]
+
{{EbuildFooter}}
 
+
[[Category:HOWTO]]
+

Revision as of 09:47, March 31, 2015

sys-kernel/debian-sources


Current Maintainer(s):Oleg Vinichenko
Source Repository:Funtoo Overlay
Homepage

Summary: This is the Debian kernel. This is default recommended kernel to use in http://www.funtoo.org/Funtoo_Linux_Installation

Use Flags

binary
Builds and installs kernel automatically
rt
Applies the CONFIG_PREEMPT_RT patch series

News

Drobbins

Better Experiences: Ego and Vim

Info on Funtoo's new personality tool called 'ego', and user-focused updates to vim's defaults.
27 April 2015 by Drobbins
Drobbins

How We're Keeping You At the Center of the Funtoo Universe

Read about recent developments that keep you, our users, at the forefront of our focus as Funtoo moves forward.
10 April 2015 by Drobbins
Mgorny

New OpenGL management in Funtoo

Funtoo is switching to an improved system for managing multiple OpenGL providers (Mesa/Xorg, AMD and NVIDIA). The update may involve blockers and file collisions.
30 March 2015 by Mgorny
View More News...

Debian-sources

Tip

This is a wiki page. To edit it, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

Introduction

This is the Debian kernel. It is roughly equal to a kernel shipped by Debian Linux in their releases. Ebuild now support the binary USE flag. The aim of this ebuild is to have support for near all possible hardware and users shouldn't really dig into configs, aka "install and forget". Daniel has added a special config-extract command which can be used to list all available official Debian kernel configurations, and generate them from the Debian files included with the kernel.

Usage

# echo "sys-kernel/debian-sources binary" >> /etc/portage/package.use
# emerge debian-sources
# nano -w /etc/boot.conf
# boot-update
Important

debian-sources with binary USE flag also automatically installing a /usr/src/linux symlink pointing to debian kernel.

Advanced use

Additional information about using config-extract tool and genkernel tips can be found here: http://www.funtoo.org/Funtoo_Linux_Kernels