Overview

summary

This project attempts to make it easier for users to install LMDE with, instead of the normal partitions,

1. resizable "volumes", currently using LVM2
2. encryption, currently using LUKS

Branch= master currently uses both LVM2 and LUKS, but my intent is to allow the user to choose either, both, or none (i.e., to just run the character-mode LMDE installer). (Branch= support_LVM2_without_LUKS currently contains initial, untested work toward its stated goal.)

implementation

Currently this install

This project currently includes two examples of properties files:

Feel free to fork this project to send us a pull request with your properties file! Note however that install_LMDE_plus_LUKS_LVM2.sh will want to source install_LMDE_plus_LUKS_LVM2.properties at runtime, so be sure to make your properties file have that name at runtime. (Or edit the script, but I deprecate that.)

instructions

1. Create a Live LMDE installer (e.g., LiveCD, LiveUSB). Note

• This process has been most recently tested with LMDE version=201403.
• The following instructions assume you will use a LiveUSB, as created by, e.g., these instructions (used by this author with LMDE-201403).
• You can edit your properties file (and script if desired) now and then add them to your install media pre-boot, or you can download the default properties file (i.e., install_LMDE_plus_LUKS_LVM2.properties) and script (i.e., install_LMDE_plus_LUKS_LVM2.sh) to your device after booting the install media (editing in place using whatever editor(s) are included with the Live installer).
• Note that, at boottime, your LiveUSB will be mounted read-only. I.e., I am unaware of any way to edit and rerun your script or properties on a booted LiveUSB.
• Note that / on a LiveUSB when not booting becomes /lib/live/mount/medium/ at boottime. I.e., if you're editing files that are in /media/you/YourUSBDrive/foo/bar/ pre-boot, at boottime the files will be in /lib/live/mount/medium/foo/bar/.
• At boottime, you will need to run your script as sudo, or else deal with privileges throughout your script.
2. Boot your LiveUSB (or other install media).

3. If not previously saved to your installer (which is recommended), you can setup your install script and properties at boottime (not tested by me, but believed to work):

• download script and properties. Open a Terminal (mainmenu>Terminal, which here is assumed to run bash) and run
DIR='/path/to/your/files' # choose path carefully: DIR must *NOT* be
# - on the LiveUSB or other read-only mount
# - on a device which you will be formatting or installing
mkdir -p "${DIR}" # in case DIR does not exist (which '.' of course does :-) # download the script (if not creating your own) URI='https://bitbucket.org/tlroche/install_resizable_encrypted_lmde/raw/HEAD/install_LMDE_plus_LUKS_LVM2.sh' # or where you get this from, if different FN="$(basename ${URI})" # filename of your download FP="${DIR}/${FN}" wget -c -O "${FP}" "${URI}" # download this, allowing restart (JIC) chmod +x "${FP}"        # script must be executable to chroot

URI="$(echo -e "${URI}" | sed -e 's/\.sh$/.properties/')" FN="$(basename ${URI})" # filename of your download FP="${DIR}/${FN}" wget -c -O "${FP}" "${URI}" chmod +r "${FP}"        # properties must be readable to source

• inspect and edit your local properties file. Use one of the editors included on your install media (e.g. gedit, nano) to run something like
your_editor_here /path/to/your/files/install_LMDE_plus_LUKS_LVM2.properties

4. Partition the target drive (here assumed to be /dev/sda--see var= grub_device in the script. This example

• creates a 128 MB boot partition in /dev/sda1
• gives all remaining space to a single volume (/dev/sda2) to be encrypted with LUKS and managed with LVM2.
sudo fdisk /dev/sda [hit Enter]
o [Enter]
n [Enter]
[Enter]
[Enter]
[Enter]
+128M [Enter]
n [Enter]
[Enter]
[Enter]
[Enter]
[Enter]
w [Enter]

5. Start the script: e.g.,

pushd /path/to/your/files/
sudo ./install_LMDE_plus_LUKS_LVM2.sh ./install_LMDE_plus_LUKS_LVM2.properties

6. Interact with the script: e.g.,

• give password for encryption when prompted (twice the same)
• give password for decryption when prompted (once)
7. Wait a bit for this script to and to start the the LMDE installer, then interact with the non-graphical version of LMDE installer. You will provide the same information as with the GUI installer to which you might be more accustomed, but inside the terminal. (A blast from the past !-)

8. When the script completes, you are back at the command line. Shut down your device (e.g., with sudo shutdown -Ph now) and remove the install media (LiveCDs are a bit more tricky at this point), then restart your device.

9. First thing to do on restart: check your mounts! Open a terminal, and run (as a normal user)

df -h
mount
cat /etc/fstab


TODO

1. Retest most recent commit! I wanted to update this README to address issue#=1 and noticed I had a lot of uncommitted code. I'm pretty sure I tested these with an install to one of my boxes but am not sure :-( So if something goes wrong, please let me know!
2. Move these TODOs to our project Issues.
3. throughout: replace use of {0, 1} with "real bash booleans" {/bin/false , /bin/true}
4. install_LMDE_plus_LUKS_LVM2.sh: finish/test support for LVM2 without LUKS
5. install_LMDE_plus_LUKS_LVM2.sh: support install with LUKS without LVM2
6. install_LMDE_plus_LUKS_LVM2.sh: support "straight" LMDE install with neither LVM2 nor LUKS
7. install_LMDE_plus_LUKS_LVM2.sh: test that var= managed_device is not an extended partition.
8. install_LMDE_plus_LUKS_LVM2.sh: drive fdisk or equivalent, replacing manual partitioning in instructions.
9. Get this functionality into the LMDE installer, so we don't hafta maintain this!
10. To install extra packages, integrate with Backup Tool/mintbackup output to "restore software selection". See section=D3.2 of the tutorial How to upgrade to a newer release.
11. install_LMDE_plus_LUKS_LVM2.sh: use better bash booleans (/bin/true, /bin/false)
12. Add testing sudo cryptsetup benchmark to the instructions (with something about its interpretation, which is lacking in the cryptsetup FAQ).