Debian-installer custom luks crypto recipe

0 votes
1 answer
904 views
I want to automate the install of Debian and have control over how the partitioning is done by providing a custom recipe. It was easy enough (ish) when I wasn't using luks or lvm, but I can't get the installer to use crypt and a custom recipe at the same time. The only way a successful install with a luks partition went through was when I let partman-auto do it with `d-i partman-auto/method string crypto`, but it seems to ignore my recipe.

```
### Partitioning
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select crypto-recipe
d-i partman-auto/expert_recipe_file string /crypto-recipe

d-i partman-crypto/passphrase string super-secret
d-i partman-crypto/passphrase-again string super-secret

d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-basicfilesystems/no_swap boolean false
```

```
crypto-recipe ::

    538 538 1075 fat32
        $iflabel{ gpt }
        $reusemethod{ }
        method{ efi }
        format{ } .

    512 1024 768 ext4
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        mountpoint{ /boot } .

    2000 2000 -1 crypt
        $iflabel{ gpt }
        method{ lvm }
        vg_name{ vg0 } .

    1000 1000 -1 lvmpart
        $lvmok{ }
        in_vg{ vg0 }
        lv_name{ root }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ doomar }
        mountpoint{ / }
        .
```

I want the installer to use the one and only physical disk, but am not sure if I need to specify something for that to happen. Any other options I should try?

```
d-i partman-auto/disk string /dev/vda

d-i partman-auto/method string crypto
```

I've also tried specifying my crypt partition with percentages:

```
100% 100% 100% crypt
        $iflabel{ gpt }
        method{ lvm }
        vg_name{ vg0 } .
```

There are too many other changes here and there I've tried to list and have got lost. Documentation seems a bit unclear. Is there a better alternative to using preseed files? They don't seem great and I've spent *a lot* of time trying to get them to work how I want, but they seem limited.

A few problems I run into while trying various options:

- Doesn't select a disk
- Fails to install system
- Insists on /boot despite /boot/efi present
- Many examples are outdated (BIOS, not UEFI/GPT)
- Falls back to partman-auto and doesn't follow recipe
- Creates a blank partition (presumably what should be the crypt partition) next to where the system is installed

If anyone can provide a working example, and clarify whether the method should be regular or crypto when specifying the partitions in a recipe, that at least would give me a starting point.

## Update

I tried increasing the size of my virtual disk and it is more clear now that the problem is getting an lvm to be created inside the crypt container. Previously, if the crypt partition took the remaining space on disk then there wasn't anything left for the system. This is what I tried:

```
crypto-recipe ::

    538 538 538 fat32
        $iflabel{ gpt }
        $reusemethod{ }
        method{ efi }
        format{ } .

    512 1024 512 ext4
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        mountpoint{ /boot } .

    2000 2000 -1 crypt
        $iflabel{ gpt }
        method{ crypto }
        vg_name{ vg0 } .

    2000 2000 -1 lvmpart
        $lvmok{ }
        in_vg{ vg0 }
        lv_name{ root }
        method{ format }
        format{ }
        use_filesystem{ }
        filesystem{ ext4 }
        label{ doomar }
        mountpoint{ / }
        .
```

Now it is clear:

```
vda                                                                            
├─vda1 vfat   FAT32        390B-57B3                             505.1M     1% /boot/efi
├─vda2 ext4   1.0          48ab2ad8-2744-4fe0-b8ed-dbb9766e0cae  369.7M    11% /boot
├─vda3                                                                         
└─vda4 ext4   1.0   doomar 5ada0c1d-4048-4ff6-ac23-4936dcc16710    1.1G    41% /
```

```
Model: Virtio Block Device (virtblk)
Disk /dev/vda: 5369MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name                  Flags
 1      1049kB  538MB   537MB   fat32        EFI System Partition  boot, esp
 2      538MB   1050MB  512MB   ext4
 3      1050MB  3049MB  2000MB
 4      3049MB  5368MB  2318MB  ext4
```

`vda3` should be the luks crypt partition, and `vda4` shouldn't exist, instead being an lvm inside `vda3`.

Asked by a2k42 (131 rep)
Nov 12, 2023, 12:53 PM
Last activity: Nov 13, 2023, 03:12 PM
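
A preseed fragment for the layout the question is after (EFI, /boot, and a root logical volume inside LUKS), as an added example that is not part of the original post or its answer. It relies on debian-installer's `crypto` method, where partman-auto creates the encrypted partition and the volume group itself and the recipe only marks the logical volumes with `$lvmok{ }`; the disk, VG name, label and passphrase are the question's own values, and the `partman-auto-lvm`, `partman-auto-crypto` and `partman-lvm` lines are additions assumed to be needed for an unattended run.

```preseed
### Partitioning: LUKS container holding LVM, driven by a custom recipe
# With method "crypto", partman-auto creates the encrypted partition and the
# volume group on top of it; the recipe lists no "crypt" partition of its own.
d-i partman-auto/disk string /dev/vda
d-i partman-auto/method string crypto
d-i partman-auto-lvm/new_vg_name string vg0
d-i partman-auto-lvm/guided_size string max
# Skips overwriting the new container with random data before use;
# set to true where that wipe is wanted.
d-i partman-auto-crypto/erase_disks boolean false

# Placeholder passphrase carried over from the question.
d-i partman-crypto/passphrase string super-secret
d-i partman-crypto/passphrase-again string super-secret

# Recipe given inline; entries without $lvmok{ } stay plain partitions,
# entries with $lvmok{ } become logical volumes inside the LUKS container.
d-i partman-auto/choose_recipe select crypto-recipe
d-i partman-auto/expert_recipe string \
  crypto-recipe :: \
    538 538 1075 free \
      $iflabel{ gpt } $reusemethod{ } \
      method{ efi } format{ } \
    . \
    512 1024 768 ext4 \
      method{ format } format{ } \
      use_filesystem{ } filesystem{ ext4 } \
      mountpoint{ /boot } \
    . \
    2000 2000 -1 ext4 \
      $lvmok{ } in_vg{ vg0 } lv_name{ root } \
      method{ format } format{ } \
      use_filesystem{ } filesystem{ ext4 } \
      label{ doomar } mountpoint{ / } \
    .

# Confirmations so the LVM and partition-table steps do not stop for input.
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-basicfilesystems/no_swap boolean false
```

After such an install, `lsblk` on the target is expected to show the third partition as a `crypto_LUKS` device with the `vg0-root` logical volume nested beneath it, rather than a separate fourth partition.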