Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Gentoo in encrypted LVM
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Wed Jul 31, 2013 3:40 pm    Post subject: [SOLVED] Gentoo in encrypted LVM Reply with quote

I'm trying to install Gentoo in encrypted LVM. The main problem is to generate proper initrd. I know that there are few ways to do that: genkernel, dracut, better-initramfs.
If it's possible I would like to stick to genkernel at least for now. From what I read, Genkernel would be able to generate working initrd only when cryptsetup and lvm2 are compiled with "static" USE flag. Can anyone confirm this?
But when I tried to emerge Cryptsetup with this flag, portage wants to install whole bunch or other stuff like python, mesa, and other X components. Is it obligatory? How to avoid this?

What about Dracut, does it also need cryptsetup with static flag?


Last edited by Tractor Girl on Fri Aug 02, 2013 7:29 pm; edited 1 time in total
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2678

PostPosted: Wed Jul 31, 2013 4:34 pm    Post subject: Reply with quote

Quote:
I know that there are few ways to do that

You skipped one: roll your own. If you want to try it, I can post a simple init and script to assemble the required components if you like. It will require the same static components, unfortunately.
Quote:
If it's possible I would like to stick to genkernel at least for now.
The documentation on genkernel is very good. Everything you need should be there.
Quote:
From what I read, Genkernel would be able to generate working initrd only when cryptsetup and lvm2 are compiled with "static" USE flag. Can anyone confirm this?
Yes. This will be true of any initramfs if you want to avoid 3000 dynamic links that have to be included. (OK maybe not quite that many.)
Quote:
What about Dracut, does it also need cryptsetup with static flag?

It would have to because in order to make an initramfs you have to copy the binaries. This is not pleasant for dynamic ones.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Wed Jul 31, 2013 5:19 pm    Post subject: Reply with quote

Thank you good Doctor :D

Quote:
If you want to try it, I can post a simple init and script to assemble the required components if you like.

That would be nice. Are there any drawbacks of this approach comparing to automatic Genkernel/Dracut?

Ok so I'll emerge cryptsetup and lvm2 with static flag, But why portage wants to install all the other X stuff?
Without "static" flag it's only:
Code:

Total: 5 packages (5 new), Size of downloads: 49,425 kB


And with "static" it's like:
Code:
Total: 66 packages (2 upgrades, 58 new, 6 reinstalls), Size of downloads: 125,820 kB

Including mesa, libdrm etc...
Is it really need all this X things?
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2678

PostPosted: Wed Jul 31, 2013 5:44 pm    Post subject: Reply with quote

Quote:
That would be nice. Are there any drawbacks of this approach comparing to automatic Genkernel/Dracut?
One disadvantage is that it is barren. General approaches include general solutions. I never included an fscheck which could be an option if you need your /usr pre-mounted. On the other hand, it is much faster because it doesn't need to do as much. It also doesn't load any modules, so if you need to, you would have to do that manually.
Quote:
Is it really need all this X things?
Unfortunately, yes. You probably also want to build a static busybox, but that doesn't require much at all, static or otherwise.

EDIT: Oh, one rather important thing: don't set USE="satic" in make.conf. This has several unpleasant consequences, Like more compiling and some packages not working. Use /etc/portage/package.use instead on a per package basis.


To make your own, first you need a workspace. I made a directory called /usr/src/initramfs for that purpose. The first thing you need is a file called init. Since its a busybox script, you will need a static busybox build.

This script is written for a lvm called "filesystem" on /dev/sda6

Code:
#!/bin/busybox sh

#Mount the /proc and /sys filesystems.
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
#echo /sbin/mdev > /proc/sys/kernel/hotplug
#mdev -s

# disable kernel messages from popping onto the screen
echo 0 > /proc/sys/kernel/printk

# Rescue shell
rescue_shell() {
echo " An error has occured"
    busybox --install -s
    exec /bin/sh
}

# export the PATH
export PATH=/bin:/sbin

   cryptsetup luksOpen /dev/sda6 root

# cryptsetup luksOpen /dev/sda6 root

echo " Decrypting the hard drive"

echo " Assembling the filesystem"

lvm vgscan --mknodes
lvm lvchange -aly filesystem/root

#separate usr?
#
#lvm lvchange -aly filesystem/usr

echo " Filesystem ready. Switching to kernel"
#echo

# Mount the root filesystem.
mount -o ro /dev/mapper/filesystem-root /mnt/root  || rescue_shell
#mount -o ro /dev/mapper/filesystem-usr /mnt/root/usr || rescue_shell


# Clean up.
umount /proc
umount /sys
umount /dev

# Boot the real thing.
exec switch_root /mnt/root /sbin/init


Next, this script will copy everything you need and actually make the initramfs and copy it to your /boot. There are a few directory you need to create first. The command in the second comment should make them all.

Code:
#!/bin/bash
# script to regenerate the initramfs
# requires mkdir  /usr/src/initramfs/{bin,dev,etc,lib,mnt,proc,root,sbin,sys}

# initial setup move the the right directories and get ready
cd /usr/src/initramfs
cp -a /dev/{null,console,tty,sda1} /usr/src/initramfs/dev/

# copy the firmware over
# not strictly required since its built into the kernel.
# cp -a /lib/firmware/radeon/R700_rlc.bin /usr/src/initramfs/lib/firmware/radeon/R700_rlc.bin

cp -a /bin/busybox /usr/src/initramfs/bin/busybox

# crypt binaries
cp -a /sbin/cryptsetup /usr/src/initramfs/sbin/
cp -a /dev/{random,urandom} /usr/src/initramfs/dev/

# lvm binary
#cp -a /sbin/lvm /usr/src/initramfs/sbin/lvm
cp -a /sbin/lvm.static /usr/src/initramfs/sbin/lvm

ln -sf /usr/src/initramfs/sbin/lvm /usr/src/initramfs/sbin/lvchange
ln -sf /usr/src/initramfs/sbin/lvm /usr/src/initramfs/sbin/vgscan

find . -print0 | cpio --null -ov --format=newc | gzip -9 > /boot/initramfs.cpio.gz

_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
rh1
Guru
Guru


Joined: 10 Apr 2010
Posts: 501

PostPosted: Wed Jul 31, 2013 6:25 pm    Post subject: Reply with quote

better-initramfs downloads and builds it's own stuff for it to use so you wouldn't need to change anything on your system at all. Works really well. Only thing it won't do is load modules.
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Wed Jul 31, 2013 7:57 pm    Post subject: Reply with quote

@The Doctor
Thank you :D
I will definitely try that.

So you do not have to use static flag with better-initramfs?
This tutorial http://www.funtoo.org/Rootfs_over_encrypted_lvm (I believe it was written by Slashbeast - better-initramfs author) doesn't mention "static" flag. But it also doesn't mention the need of "static" flag, when using Genkernel. Does Funtoo have it's own Genkernel different from that one in Gentoo?
Back to top
View user's profile Send private message
rh1
Guru
Guru


Joined: 10 Apr 2010
Posts: 501

PostPosted: Wed Jul 31, 2013 9:27 pm    Post subject: Reply with quote

Yes, Funtoo has it's own fork of genkernel.
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Wed Jul 31, 2013 10:43 pm    Post subject: Reply with quote

What are they talking about here? http://www.gossamer-threads.com/lists/gentoo/dev/275353
Does this mean that "static" builds of cryptsetup and lvm2 are/will be no longer possible?
Also one guy there is saying that static builds of cryptsetup/lvm2 are only needed for:
Quote:
Any initramfs creation tool that isn't smart enough to realize
what cryptsetup/lvm2 are linked to and copy those into the initramfs
(shouldn't be an issue in anything modern).

Are Genkernel and Dracut those "not smart enough" programs?


Anyway I've got an error when compiling lvm2:
Code:
 * ERROR: sys-fs/lvm2-2.02.97-r1 failed (compile phase):
 *   emake failed
 *
 * If you need support, post the output of `emerge --info '=sys-fs/lvm2-2.02.97-r1'`,
 * the complete build log and the output of `emerge -pqv '=sys-fs/lvm2-2.02.97-r1'`.
 * The complete build log is located at '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/temp/environment'.
 * Working directory: '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/work/LVM2.2.02.97'
 * S: '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/work/LVM2.2.02.97'

>>> Failed to emerge sys-fs/lvm2-2.02.97-r1, Log file:

>>>  '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/temp/build.log'

 * Messages for package sys-fs/lvm2-2.02.97-r1:

 * Warning, we no longer overwrite /sbin/lvm and /sbin/dmsetup with
 * their static versions. If you need the static binaries,
 * you must append .static to the filename!
 * ERROR: sys-fs/lvm2-2.02.97-r1 failed (compile phase):
 *   emake failed
 *
 * If you need support, post the output of `emerge --info '=sys-fs/lvm2-2.02.97-r1'`,
 * the complete build log and the output of `emerge -pqv '=sys-fs/lvm2-2.02.97-r1'`.
 * The complete build log is located at '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/temp/environment'.
 * Working directory: '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/work/LVM2.2.02.97'
 * S: '/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/work/LVM2.2.02.97'
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

PostPosted: Wed Jul 31, 2013 11:13 pm    Post subject: Reply with quote

You only copied the useless part of the error message.

I'd be sorry to see static binaries go. It's part of Gentoo's customizability, and it makes building custom Initramfs easier...
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Thu Aug 01, 2013 12:02 am    Post subject: Reply with quote

/var/tmp/portage/sys-fs/lvm2-2.02.97-r1/temp/build.log
http://pastebin.com/E21UX08U

emerge --info '=sys-fs/lvm2-2.02.97-r1':
http://pastebin.com/SMujDmUj


What is the difference between "static" and "static-libs" flags?
This error occurs when only with "static". With sole "static-libs" everything goes flawlessly.
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2678

PostPosted: Thu Aug 01, 2013 12:15 am    Post subject: Reply with quote

The error is because the compiler can't find udev. You can work around it by using -udev
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Thu Aug 01, 2013 12:20 am    Post subject: Reply with quote

Good Doctor - please check out this comment https://bugs.gentoo.org/show_bug.cgi?id=478476#c7
Does this mean that Genkernel doesn't actually need cryptsetup/lvm2 with "static" flag ?
Well now I'm really confused :?


EDIT:
Also from what they're saying here https://forums.gentoo.org/viewtopic-t-951880-start-0.html, it seems that Dracut should work without static cryptsetup/lvm2.
Now I'm even more confused :P
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2678

PostPosted: Thu Aug 01, 2013 12:59 am    Post subject: Reply with quote

It very well may be that they are going to the hassle of finding all the libraries. When you build something with "static" you get everything you need to run it in one binary. The default, dynamic, is just that: dynamic. A binary only includes its code and any calls it makes to the library are handled to a copy in memory.

This is a big advantage if you have a large library and 42 applications open trying to use it. If you are building an initramfs, its more of a indifference because you have to include every library that the binary may need to use. It sounds like the tools go through the process of packaging up everything. It keeps it dynamic, but gets you a working initramfs. I didn't realize they did this.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
Tractor Girl
Apprentice
Apprentice


Joined: 16 May 2013
Posts: 159

PostPosted: Fri Aug 02, 2013 7:28 pm    Post subject: Reply with quote

Uff, finally it's working.
I can confirm that Genkernel doesn't need cryptsetup and lvm2 with "static" flag.

Thank you all for help :D
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Sat Aug 03, 2013 3:59 pm    Post subject: Reply with quote

Tractor Girl wrote:
Uff, finally it's working.
I can confirm that Genkernel doesn't need cryptsetup and lvm2 with "static" flag.

Thank you all for help :D


good to know :)


enjoy your stay with Gentoo
_________________
https://github.com/kernelOfTruth/ZFS-for-SystemRescueCD/tree/ZFS-for-SysRescCD-4.9.0
https://github.com/kernelOfTruth/pulseaudio-equalizer-ladspa

Hardcore Gentoo Linux user since 2004 :D
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum