LUKS, Udev, Splashy, Hell
Hey! I'm another one of those guys who updated and now their computer is on the fritz. I got the following problems:
--Keymap defaults to qwerty in LUKS even though 'keymap' is loaded in mkinitcpio.conf and configured to dvorak in rc.conf
--I get this esoteric error in LUKS:
device-mapper:remove ioctl failed: Device or Resource is busy
I did some google searches and most of the posts were 'I dunno it doesn't work and now it does, Udev sucks'. Half the time my password gets accepted anyway and the other half of the time it doesn't.
--Splashy turned into a big grey screen and then went black. I've been having splashy crash after Udev begins for a while now (the screen turns back on at the GNOME login) but now it doesn't even begin at all. I suspect it's because it uses modified initscripts. I uninstalled splashy, removed it from mkinitcpio.conf, changed back to normal initscripts and recompiled the kernel and the system still crashes.
I saw another thread tracing some of these problems to a kernel issue--please note that I'm NOT using a custom kernel, I'm just using the vanilla stuff the repos give me. Any idea what I should do to fix this? I'm pretty sure all this is either because of klibc, udev, or initscripts being broken but I don't know where to go from here.
EDIT:
OK, I chrooted into my system and upgraded it, and the screen still goes black and the correct keyboard (dvorak) still doesn't load at luks anymore, but even though the screen is black I can see the disk light going off at irregular intervals, leading me to believe part of the boot process is still working, even if I don't know what part it is.
Last edited by Ferrenrock (2010-02-05 06:29:24)
Hello Ferrenrock,
this is my mkinitcpio.conf. I don't use the v86d hook, so this can't be the problem.
[robert@thinkpad ~]$ cat /etc/mkinitcpio.conf
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES="intel_agp i915"
# BINARIES
# This setting includes, into the CPIO image, and additional
# binaries a given user may wish. This is run first, so may
# be used to override the actual binaries used in a given hook.
# (Existing files are NOT overwritten is already added)
# BINARIES are dependancy parsed, so you may safely ignore libraries
BINARIES=""
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in anyway. This is useful for config files.
# Some users may wish to include modprobe.conf for custom module options,
# like so:
# FILES="/etc/modprobe.conf"
FILES="/etc/modprobe.d/modprobe.conf"
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'modload' may be used in place of 'udev', but is not recommended
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
# This setup specifies all modules in the MODULES setting above.
# No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
# This setup will autodetect all modules for your system and should
# work as a sane default
# HOOKS="base udev autodetect pata scsi sata filesystems"
# This is identical to the above, except the old ide subsystem is
# used for IDE devices instead of the new pata subsystem.
# HOOKS="base udev autodetect ide scsi sata filesystems"
# This setup will generate a 'full' image which supports most systems.
# No autodetection is done.
# HOOKS="base udev pata scsi sata usb filesystems"
# This setup assembles an pata raid array with an encrypted root FS.
# Note: See 'mkinitcpio -H raid' for more information on raid devices.
# HOOKS="base udev pata raid encrypt filesystems"
# This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev usb lvm2 filesystems"
HOOKS="base udev autodetect pata scsi sata encrypt lvm2 filesystems"
# COMPRESSION
# Use this to compress the initramfs image. With kernels earlier than
# 2.6.30, only gzip is supported, which is also the default. Newer kernels
# support gzip, bzip2 and lzma.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
Last edited by orschiro (2010-02-10 22:25:11)
Similar Messages
MacBookPro1,1 (Mid 2006) Bluetooth not working
I recently installed Arch on an old MacBook Pro (v1,1) from 2006, and I'm having problems getting bluetooth to work. I'm using bluez4 because I'm using gnome-shell.
hciconfig produces no output.
lsusb shows the device in HID mode,
$ lsusb
Bus 001 Device 003: ID 05ac:8501 Apple, Inc. Built-in iSight [Micron]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 005 Device 002: ID 05ac:1000 Apple, Inc. Bluetooth HCI MacBookPro (HID mode)
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 002: ID 05ac:8240 Apple, Inc. Built-in IR Receiver
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 05ac:0217 Apple, Inc. Internal Keyboard/Trackpad (ANSI)
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
so I tried running hid2hci (as suggested by the Bluetooth wiki page) with the path determined as described in this post.
# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
Can't open device: No such file or directory (2)
error: unable to handle '/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1'
$ stat /sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1
File: '/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1'
Size: 0 Blocks: 0 IO Block: 4096 directory
Device: dh/13d Inode: 12166 Links: 6
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-09-29 16:07:26.268170146 -0400
Modify: 2013-09-29 15:39:37.720357106 -0400
Change: 2013-09-29 15:39:37.720357106 -0400
Birth: -
Any ideas?
$ uname -a
Linux hydrogen 3.11.2-1-ARCH #1 SMP PREEMPT Fri Sep 27 08:03:21 CEST 2013 i686 GNU/Linux
$ lsmod
Module Size Used by
fuse 65847 3
bnep 8922 2
bluetooth 271173 7 bnep
hid_appleir 2264 0
hid_generic 749 0
hid_apple 4205 0
uvcvideo 63684 0
videobuf2_vmalloc 2604 1 uvcvideo
videobuf2_memops 1683 1 videobuf2_vmalloc
videobuf2_core 24341 1 uvcvideo
usbhid 36609 0
lm63 10557 0
videodev 88107 2 uvcvideo,videobuf2_core
media 9140 2 uvcvideo,videodev
hid 70718 4 hid_generic,usbhid,hid_appleir,hid_apple
joydev 7339 0
iTCO_wdt 4471 0
appletouch 8402 0
iTCO_vendor_support 1545 1 iTCO_wdt
arc4 1628 2
evdev 8208 13
applesmc 9834 0
coretemp 5278 0
input_polldev 2142 1 applesmc
radeon 1117014 3
kvm_intel 121535 0
kvm 321817 1 kvm_intel
ttm 47394 1 radeon
drm_kms_helper 31934 1 radeon
microcode 10132 0
drm 191226 5 ttm,drm_kms_helper,radeon
ath5k 125372 0
pcspkr 1487 0
i2c_i801 9905 0
acpi_cpufreq 9523 1
i2c_algo_bit 4583 1 radeon
mperf 991 1 acpi_cpufreq
ath 12669 1 ath5k
of_i2c 1774 1 i2c_i801
mac80211 389700 1 ath5k
lpc_ich 11460 0
sky2 43633 0
tpm_infineon 7342 0
intel_agp 8688 0
intel_gtt 10172 1 intel_agp
agpgart 22047 4 drm,ttm,intel_agp,intel_gtt
cfg80211 336964 3 ath,ath5k,mac80211
rfkill 12714 5 cfg80211,bluetooth
tpm 13163 1 tpm_infineon
video 10071 0
processor 22169 3 acpi_cpufreq
i2c_core 19967 8 drm,lm63,i2c_i801,drm_kms_helper,i2c_algo_bit,of_i2c,radeon,videodev
apple_bl 2956 0
tpm_bios 8381 1 tpm
snd_hda_codec_idt 32712 1
snd_hda_intel 30903 3
battery 5589 0
ac 2668 0
button 3685 0
snd_hda_codec 127562 2 snd_hda_codec_idt,snd_hda_intel
snd_hwdep 4746 1 snd_hda_codec
shpchp 21973 0
snd_pcm 63876 2 snd_hda_codec,snd_hda_intel
snd_page_alloc 5974 2 snd_pcm,snd_hda_intel
snd_timer 14942 1 snd_pcm
snd 44566 12 snd_hwdep,snd_timer,snd_hda_codec_idt,snd_pcm,snd_hda_codec,snd_hda_intel
soundcore 4386 1 snd
ext4 425604 2
crc16 1091 2 ext4,bluetooth
mbcache 4290 1 ext4
jbd2 70221 1 ext4
sd_mod 28311 4
sr_mod 13055 0
cdrom 29900 1 sr_mod
ata_generic 2434 0
pata_acpi 2367 0
ata_piix 20856 4
libata 149201 3 pata_acpi,ata_generic,ata_piix
scsi_mod 108590 3 libata,sd_mod,sr_mod
firewire_ohci 27462 0
uhci_hcd 21416 0
ehci_pci 3404 0
ehci_hcd 42852 1 ehci_pci
firewire_core 44687 1 firewire_ohci
crc_itu_t 1095 1 firewire_core
usbcore 152779 6 uhci_hcd,uvcvideo,ehci_hcd,ehci_pci,usbhid,appletouch
usb_common 1399 1 usbcore
Hi, same here on a Mac Mini (mid 2007). I've tested with bluez4 and bluez5.
[root@luke mau]# uname -a
Linux luke 3.11.2-1-ARCH #1 SMP PREEMPT Fri Sep 27 07:35:36 CEST 2013 x86_64 GNU/Linux
[root@luke mau]# lsusb
Bus 005 Device 002: ID 05ac:1000 Apple, Inc. Bluetooth HCI MacBookPro (HID mode)
[root@luke mau]# hid2hci
Can't open device: No such file or directory (2)
[root@luke mau]# hcitool dev
Devices:
[root@luke mau]# hidd --show
Following this post https://bbs.archlinux.org/viewtopic.php?id=167210 I thought it might have something to do with the kernel? I tried to downgrade kernel from 3.11 to 3.10 and then to 3.9 without resolving the issue.
[root@luke mau]# uname -a
Linux luke 3.9.7-1-ARCH #1 SMP PREEMPT Mon Sep 30 21:51:49 CEST 2013 x86_64 GNU/Linux
[root@luke mau]# lsusb
Bus 004 Device 002: ID 05ac:1000 Apple, Inc. Bluetooth HCI MacBookPro (HID mode)
[root@luke mau]# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
error: could not find 'devices/pci0000:00/0000:00:1d.3/usb5/5-1
Here is what dmesg tells me about bluetooth:
$ dmesg | grep bluetooth
[root@luke mau]# dmesg | grep Bluetooth
[ 63.467549] Bluetooth: Core ver 2.16
[ 63.467589] Bluetooth: HCI device and connection manager initialized
[ 63.467605] Bluetooth: HCI socket layer initialized
[ 63.467609] Bluetooth: L2CAP socket layer initialized
[ 63.467617] Bluetooth: SCO socket layer initialized
[ 63.583429] Bluetooth: RFCOMM TTY layer initialized
[ 63.583449] Bluetooth: RFCOMM socket layer initialized
[ 63.583451] Bluetooth: RFCOMM ver 1.11
[ 107.627839] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 107.627858] Bluetooth: HIDP socket layer initialized
Here are my loaded kernel (3.9) modules:
[root@luke mau]# lsmod
Module Size Used by
hidp 18002 0
rfcomm 51516 0
bluetooth 304004 4 hidp,rfcomm
nfsv4 219580 1
nfsd 266601 9
auth_rpcgss 34243 2 nfsd,nfsv4
nfs_acl 2615 1 nfsd
arc4 2000 2
ath5k 135820 0
ath 15489 1 ath5k
mac80211 487694 1 ath5k
cfg80211 452268 3 ath,ath5k,mac80211
iTCO_wdt 5407 0
iTCO_vendor_support 1929 1 iTCO_wdt
rfkill 15626 3 cfg80211,bluetooth
i2c_i801 11269 0
sky2 49507 0
applesmc 11918 0
input_polldev 2850 1 applesmc
coretemp 6102 0
snd_hda_codec_idt 37946 1
shpchp 25649 0
kvm_intel 125437 0
kvm 390199 1 kvm_intel
microcode 13204 0
snd_hda_intel 35816 0
snd_hda_codec 145920 2 snd_hda_codec_idt,snd_hda_intel
snd_hwdep 6364 1 snd_hda_codec
snd_pcm 76860 2 snd_hda_codec,snd_hda_intel
snd_page_alloc 7362 2 snd_pcm,snd_hda_intel
pcspkr 2027 0
snd_timer 18687 1 snd_pcm
snd 58893 6 snd_hwdep,snd_timer,snd_hda_codec_idt,snd_pcm,snd_hda_codec,snd_hda_intel
lpc_ich 12849 0
pci_hotplug 22930 1 shpchp
soundcore 5418 1 snd
evdev 9912 10
nfs 144455 2 nfsv4
lockd 76709 2 nfs,nfsd
sunrpc 220758 30 nfs,nfsd,auth_rpcgss,lockd,nfsv4,nfs_acl
fscache 44638 2 nfs,nfsv4
acpi_cpufreq 10726 1
mperf 1299 1 acpi_cpufreq
processor 27555 3 acpi_cpufreq
ext4 486052 6
crc16 1359 2 ext4,bluetooth
mbcache 5930 1 ext4
jbd2 85240 1 ext4
hid_generic 1153 0
usbhid 40956 0
hid 87539 3 hidp,hid_generic,usbhid
dm_mod 72527 29
sr_mod 14930 0
cdrom 35072 1 sr_mod
sd_mod 30858 3
ata_generic 3370 0
pata_acpi 3387 0
ata_piix 24888 2
firewire_ohci 31845 0
libata 170033 3 pata_acpi,ata_generic,ata_piix
scsi_mod 129628 3 libata,sd_mod,sr_mod
firewire_core 52307 1 firewire_ohci
crc_itu_t 1363 1 firewire_core
ehci_pci 4120 0
uhci_hcd 24627 0
ehci_hcd 47407 1 ehci_pci
usbcore 177091 4 uhci_hcd,ehci_hcd,ehci_pci,usbhid
usb_common 954 1 usbcore
i915 563542 4
video 11203 1 i915
button 4669 1 i915
i2c_algo_bit 5391 1 i915
intel_agp 10872 1 i915
intel_gtt 12664 3 i915,intel_agp
drm_kms_helper 35086 1 i915
drm 230013 5 i915,drm_kms_helper
i2c_core 22447 5 drm,i915,i2c_i801,drm_kms_helper,i2c_algo_bit
So it's not the kernel module and installing bluez5 or bluez4 made no difference.
[root@luke mau]# pacman -Ss bluez | grep installed
extra/bluez-firmware 1.2-7 [installed]
extra/bluez-libs 5.9-1 [installed]
extra/bluez-utils 5.9-1 [installed]
extra/bluez4 4.101-3 [installed]
[root@luke udev]# sha1sum hid2hci
09dbf30a30cd0f8a2ca46f6009e0cd979e745159 hid2hci
after installing bluez version 5
[root@luke udev]# pacman -Ss bluez | grep installed
extra/bluez 5.9-1 [installed]
extra/bluez-firmware 1.2-7 [installed]
extra/bluez-libs 5.9-1 [installed]
extra/bluez-utils 5.9-1 [installed]
[root@luke udev]# sha1sum hid2hci
09dbf30a30cd0f8a2ca46f6009e0cd979e745159 hid2hci
Ha that's the same file! I am going to downgrade that next....
[root@luke pkg]# pacman -Qo /lib/udev/hid2hci
/lib/udev/hid2hci is owned by bluez-utils 5.9-1
[root@luke pkg]# find /var/cache/pacman/pkg -name 'bluez-*'
/var/cache/pacman/pkg/bluez-utils-5.7-1-x86_64.pkg.tar.xz
/var/cache/pacman/pkg/bluez-5.9-1-x86_64.pkg.tar.xz
/var/cache/pacman/pkg/bluez-libs-5.7-1-x86_64.pkg.tar.xz
/var/cache/pacman/pkg/bluez-firmware-1.2-7-any.pkg.tar.xz
/var/cache/pacman/pkg/bluez-libs-5.9-1-x86_64.pkg.tar.xz
/var/cache/pacman/pkg/bluez-utils-5.9-1-x86_64.pkg.tar.xz
[root@luke pkg]# sha1sum /lib/udev/hid2hci
937659778fc90263e3e5d00baa01653273f1f5c8 /lib/udev/hid2hci
[root@luke pkg]# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
error: could not find 'devices/pci0000:00/0000:00:1d.3/usb5/5-1'
[root@luke pkg]# pacman -U /var/cache/pacman/pkg/bluez-libs-5.7-1-x86_64.pkg.tar.xz
[root@luke pkg]# systemctl daemon-reload
[root@luke pkg]# systemctl restart bluetooth
[root@luke pkg]# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
error: could not find 'devices/pci0000:00/0000:00:1d.3/usb5/5-1'
So still no clues.... but I think it's related to hid2hci not able to switch mode, I would like to test with bluez-utils < 5.7 but don't have that package at hand, will try to boot from an older install CD just to be sure what the old behavior of hid2hci was and confirm that it should work.
Last edited by m2 (2013-09-30 21:36:59)
Changes to LVM2 and udev break LVM2 on LUKS?
Hey all,
After today's update I have an error on boot that I can't seem to figure out. I, like many people, got an error when building mkinitcpio during the update. I reran mkinitcpio after the update, there were no errors, everything was great.
Before I explain the issue fully, here is my setup.
I have a lvm on a luks partition. On the lvm resides "/" "/home" and "swap". My mkinitcpio HOOKs line looks like this
HOOKS="base udev autodetect modconf block mdadm_udev encrypt lvm2 filesystems keyboard fsck"
Note that as you might have guessed from "mdadm_udev" I am using a raid, but this array is separate from my critical partitions, such as root and home.
Now for my issue.
When I boot the machine, it executes up until the encrypt hook. It prompts for my password to decrypt the volume, which if given correctly, it does nothing for an unusually long time, then it prints
end_request: I/O error, dev fd0, sector 0
I don't have a floppy drive.
I can mount the system from installation media and chroot into the system, and everything seems fine. I checked my lvm.conf file to make sure it included the line "use_lvmetad = 1" which it does. I reran,
mkinitcpio -p linux
This did not solve the issue.
Any thoughts on what could be causing this?
Thanks,
-D
############## UPDATE ###############
Working fix here: https://bbs.archlinux.org/viewtopic.php … 2#p1232092
Bug report here: https://bugs.archlinux.org/task/33851
Last edited by jasonwryan (2013-02-14 19:45:56)
I also use LVM with a configuration similar to Xyne's. I updated this morning and my system booted fine. The only thing unusual about my setup is that I update in chroot from another (minimal) up-to-date Arch system on the same machine. Here's some details, I'm happy to provide anything else if needed.
# fdisk -l /dev/sd?
Disk /dev/sda: 251.1 GB, 251059544064 bytes, 490350672 sectors
Device Boot Start End Blocks Id System
/dev/sda1 2048 2099199 1048576 83 Linux
/dev/sda2 * 2099200 2303999 102400 83 Linux
/dev/sda3 2304000 490350671 244023336 8e Linux LVM
Disk /dev/sdb: 251.1 GB, 251059544064 bytes, 490350672 sectors
Device Boot Start End Blocks Id System
/dev/sdb1 2048 490350671 245174312 8e Linux LVM
Disk /dev/sdc: 251.1 GB, 251059544064 bytes, 490350672 sectors
Device Boot Start End Blocks Id System
/dev/sdc1 2048 490350671 245174312 8e Linux LVM
Note: sda1 is the minimal system, sda2 is /boot for both systems. sda3 and sdb1 make up VG0. sdc1 makes up VG1.
# lvscan
ACTIVE Original '/dev/VG0/lv_root' [5.00 GiB] inherit
ACTIVE Original '/dev/VG0/lv_home' [10.00 GiB] inherit
ACTIVE '/dev/VG0/lv_data' [212.00 GiB] inherit
ACTIVE Original '/dev/VG0/lv_var' [5.71 GiB] contiguous
ACTIVE '/dev/VG0/lv_temp' [10.00 GiB] inherit
ACTIVE '/dev/VG0/lv_build' [10.00 GiB] contiguous
ACTIVE Snapshot '/dev/VG0/ss_root' [5.00 GiB] inherit
ACTIVE Snapshot '/dev/VG0/ss_var' [5.71 GiB] inherit
ACTIVE Snapshot '/dev/VG0/ss_home' [10.00 GiB] inherit
ACTIVE '/dev/VG1/lv_bucket' [230.00 GiB] inherit
ACTIVE '/dev/VG1/lv_swap1' [3.81 GiB] inherit
# cat /etc/mkinitcpio.conf
MODULES="nouveau"
BINARIES=""
FILES=""
HOOKS="timestamp base udev autodetect block lvm2 filesystems fsck shutdown"
COMPRESSION="xz"
COMPRESSION_OPTIONS="-e -9"
I saw something about fd0 when I first ran lvscan after a boot, but it didn't appear again that boot and I haven't tried to reproduce. I also had some errors related to my snapshots during boot:
Feb 13 10:53:18 caddywhompus kernel: device-mapper: table: 254:4: snapshot: Snapshot cow pairing for exception table handover failed
Feb 13 10:53:18 caddywhompus kernel: device-mapper: ioctl: error adding target to table
Feb 13 10:53:18 caddywhompus kernel: device-mapper: table: 254:14: snapshot: Snapshot cow pairing for exception table handover failed
Feb 13 10:53:18 caddywhompus kernel: device-mapper: ioctl: error adding target to table
Note: the first and third lines are "error red"
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play a lot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome.
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modified hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid surprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decrypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefore ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s)), select “3 – Manually Configure block devices, filesystems and mountpoints”. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
Be sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash

run_hook() {
    /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
    if [ -e "/sys/class/misc/device-mapper" ]; then
        if [ ! -e "/dev/mapper/control" ]; then
            /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
        fi
        [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"

        # Get keyfile if specified
        ckeyfile="/crypto_keyfile"
        usegpg="n"
        if [ "x${cryptkey}" != "x" ]; then
            ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
            ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
            ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
            if poll_device "${ckdev}" ${rootdelay}; then
                case ${ckarg1} in
                    *[!0-9]*)
                        # Use a file on the device
                        # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
                        if [ "${ckarg2#*.}" = "gpg" ]; then
                            ckeyfile="${ckeyfile}.gpg"
                            usegpg="y"
                        fi
                        mkdir /ckey
                        mount -r -t ${ckarg1} ${ckdev} /ckey
                        dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
                        umount /ckey
                        ;;
                    *)
                        # Read raw data from the block device
                        # ckarg1 is numeric: ckarg1=offset, ckarg2=length
                        dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
                        ;;
                esac
            fi
            [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
        fi

        if [ -n "${cryptdevice}" ]; then
            DEPRECATED_CRYPT=0
            cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
            cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
        else
            DEPRECATED_CRYPT=1
            cryptdev="${root}"
            cryptname="root"
        fi

        warn_deprecated() {
            echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
            echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
        }

        if poll_device "${cryptdev}" ${rootdelay}; then
            if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                dopassphrase=1
                # If keyfile exists, try to use that
                if [ -f ${ckeyfile} ]; then
                    if [ "${usegpg}" = "y" ]; then
                        # gpg tty fixup
                        if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
                        cp -a /dev/console /dev/tty
                        # Decrypt the key with gpg and pipe it to cryptsetup as a binary key file
                        while [ ! -e /dev/mapper/${cryptname} ];
                        do
                            sleep 2
                            /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
                            dopassphrase=0
                        done
                        rm /dev/tty
                        if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
                    else
                        if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
                            dopassphrase=0
                        else
                            echo "Invalid keyfile. Reverting to passphrase."
                        fi
                    fi
                fi
                # Ask for a passphrase
                if [ ${dopassphrase} -gt 0 ]; then
                    echo ""
                    echo "A password is required to access the ${cryptname} volume:"
                    #loop until we get a real password
                    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
                        sleep 2;
                    done
                fi
                if [ -e "/dev/mapper/${cryptname}" ]; then
                    if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                        export root="/dev/mapper/root"
                    fi
                else
                    err "Password succeeded, but ${cryptname} creation failed, aborting..."
                    exit 1
                fi
            elif [ -n "${crypto}" ]; then
                [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                msg "Non-LUKS encrypted device found..."
                if [ $# -ne 5 ]; then
                    err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
                    err "Non-LUKS decryption not attempted..."
                    return 1
                fi
                exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
                tmp=$(echo "${crypto}" | cut -d: -f1)
                [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f2)
                [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f3)
                [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f4)
                [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
                tmp=$(echo "${crypto}" | cut -d: -f5)
                [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
                if [ -f ${ckeyfile} ]; then
                    exe="${exe} --key-file ${ckeyfile}"
                else
                    exe="${exe} --verify-passphrase"
                    echo ""
                    echo "A password is required to access the ${cryptname} volume:"
                fi
                eval "${exe} ${CSQUIET}"
                if [ $? -ne 0 ]; then
                    err "Non-LUKS device decryption failed. verify format: "
                    err " crypto=hash:cipher:keysize:offset:skip"
                    exit 1
                fi
                if [ -e "/dev/mapper/${cryptname}" ]; then
                    if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                        export root="/dev/mapper/root"
                    fi
                else
                    err "Password succeeded, but ${cryptname} creation failed, aborting..."
                    exit 1
                fi
            else
                err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= parameter was not specified."
            fi
        fi
        # Remove the key file copy from the initramfs once the mapping is set up
        rm -f ${ckeyfile}
    fi
}
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
}
help ()
{
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
}
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES="ext2 ext4" # not sure if this is really necessary.
BINARIES="/usr/bin/gpg" # this could probably be done in install/etwo...
HOOKS="base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems" # (usbinput is only needed if you have a USB keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg --output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using UUIDs instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)
I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Device root already exists." appears every second.
Any idea?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot install media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplications along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
}
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
}
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
}
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 4GB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target (the mount point has to exist before anything is mounted on it)
mkdir -p ${INSTALL_TARGET}
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
How to setup grub2 with arch linux and xen, lvm on luks
OK, so I tried downloading this package from AUR: https://aur.archlinux.org/packages/xen-git/ , but that has patching problems as noted in the comments. It looks like the packagebuild sets up all the xen stuff for you, but I can't seem to get the package to install because of the errors while patching. If anyone can point me in the right direction on what all the extra files in the PKGBUILD are for or how to debug problems with PKGBUILDs not working because of patches.
So next I just tried to compile the latest xen from git://xenbits.xen.org/xen.git (with ./configure, make, make install) and that seemed to go fine, but I'm a bit confused:
1. Do I have to do any additional configuration for xen when working with arch linux? On ubuntu I could just compile the source, update grub, and make sure to start the x services at runtime.
2. How do I set up grub to load xen with this setup? Right now this is my /boot/grub/grub.cfg:
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:vgStorage"
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT=5
#GRUB_HIDDEN_TIMEOUT_QUIET=true
# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto
# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"
# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
#GRUB_SAVEDEFAULT="true"
~
I've tried throwing in a line like: XEN_HYPERVISOR_CMDLINE="cryptdevice=/dev/sda3:vgStorage", but nothing new shows up on the grub boot menu.
First time trying to set up a non-ubuntu system, please help!
As for XEN.... well you could always try QEMU/KVM or LXC.
As for the LVM2-on-LUKS/dm-crypt
My /etc/mkinitcpio.conf looks like this...
MODULES="aesni_intel ata_generic ata_piix nls_cp437 ext4 intel_agp i915 dm-snapshot"
BINARIES=""
FILES=""
HOOKS="base udev autodetect block keymap encrypt lvm2 filesystems keyboard fsck shutdown"
/etc/defaults/grub
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root:allow-discards"
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
GRUB_TERMINAL_INPUT=console
GRUB_GFXMODE=auto
GRUB_GFXPAYLOAD_LINUX=keep
GRUB_DISABLE_RECOVERY=true
The running grub config looks like this
/boot/grub/grub.cfg
9 insmod part_gpt
10 insmod part_msdos
53 if loadfont unicode ; then
54 set gfxmode=auto
55 load_video
56 insmod gfxterm
57 set locale_dir=$prefix/locale
58 set lang=en_US
59 insmod gettext
60 fi
61 terminal_input console
62 terminal_output gfxterm
63 set timeout=3
84 menuentry 'Backup, Arch Linux grsec kernel' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-grsec kernel-true-12341234-8080-8080-8080-332200882255' {
85 load_video
86 set gfxpayload=keep
87 insmod gzio
88 insmod part_msdos
89 insmod ext2
90 set root='hd1,msdos2'
91 if [ x$feature_platform_search_hint = xy ]; then
92 search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos2 --hint-efi=hd1,msdos2 --hint-baremetal=ahci1,msdos2 BBAAEEAA-FFCC-CCFF-FFCC-AABBCCEEBBAA
93 else
94 search --no-floppy --fs-uuid --set=root BBAAEEAA-FFCC-CCFF-FFCC-AABBCCEEBBAA
95 fi
96 echo 'Loading Linux grsec kernel ...'
97 linux /vmlinuz-linux-grsec root=/dev/mapper/VolGroup00-lvroot rw cryptdevice=/dev/sda2:root:allow-discards quiet
98 echo 'Loading initial ramdisk ...'
99 initrd /initramfs-linux-grsec.img
100 }
Things to note:
Numerical UUID is the UUID of the ROOT partition.
Alphabetical UUID is the BOOT partition
hd1,msdos2 AND ahci1,msdos2 are how the Grub Bootloader numbers the drives not Linux.
I have my BOOT partition on a USB stick, and it is the Second partition.
So, that would make it, Device 2 and Partition 2
Device numbering starts at 0
Partition numbering starts at 1
Oh, and note that you don't need ":allow-discards" ... at all but certainly if you don't have an SSD. Also note that I included the line numbers so it is very clear that I didn't post the whole thing, but instead what I thought was relevant. Finally, I am loading modules that I don't even need, but what the hell... if it ain't broke, don't fix it
Last edited by hunterthomson (2013-12-04 08:31:45) -
Kernel updates kill my luks encrypted system
All right, this is weird. I have a 64bit system with encrypted root, home and swap partitions. To setup I followed the wiki here:
https://wiki.archlinux.org/index.php/LUKS
My swap is encrypted like described here:
https://wiki.archlinux.org/index.php/LU … sk_support
Since the updates to kernel 3.1 each new kernel update kills my system. Pacman says while upgrading
[2011-11-08 08:21] >>> Updating module dependencies. Please wait ...
[2011-11-08 08:21] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
[2011-11-08 08:21] ==> Building image from preset: 'default'
[2011-11-08 08:21] -> -k /boot/vmlinuz-linux_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img_64
[2011-11-08 08:21] ==> Starting build: 3.1.0-3-ARCH
[2011-11-08 08:21] -> Parsing hook: [base]
[2011-11-08 08:21] -> Parsing hook: [udev]
[2011-11-08 08:21] -> Parsing hook: [autodetect]
[2011-11-08 08:21] -> Parsing hook: [pata]
[2011-11-08 08:21] -> Parsing hook: [scsi]
[2011-11-08 08:21] -> Parsing hook: [sata]
[2011-11-08 08:21] -> Parsing hook: [usbinput]
[2011-11-08 08:21] -> Parsing hook: [keymap]
[2011-11-08 08:21] -> Parsing hook: [usb]
[2011-11-08 08:21] -> Parsing hook: [encrypt]
[2011-11-08 08:21] -> Parsing hook: [openswap]
[2011-11-08 08:21] -> Parsing hook: [resume]
[2011-11-08 08:21] -> Parsing hook: [filesystems]
[2011-11-08 08:21] ==> Creating gzip initcpio image: /boot/initramfs-linux.img_64
[2011-11-08 08:21] ==> Image generation successful
[2011-11-08 08:21] ==> Building image from preset: 'fallback'
[2011-11-08 08:21] -> -k /boot/vmlinuz-linux_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img_64 -S autodetect
[2011-11-08 08:21] ==> Starting build: 3.1.0-3-ARCH
[2011-11-08 08:21] -> Parsing hook: [base]
[2011-11-08 08:21] -> Parsing hook: [udev]
[2011-11-08 08:21] -> Parsing hook: [pata]
[2011-11-08 08:21] -> Parsing hook: [scsi]
[2011-11-08 08:21] -> Parsing hook: [sata]
[2011-11-08 08:21] -> Parsing hook: [usbinput]
[2011-11-08 08:21] -> Parsing hook: [keymap]
[2011-11-08 08:21] -> Parsing hook: [usb]
[2011-11-08 08:21] -> Parsing hook: [encrypt]
[2011-11-08 08:21] -> Parsing hook: [openswap]
[2011-11-08 08:21] -> Parsing hook: [resume]
[2011-11-08 08:21] -> Parsing hook: [filesystems]
[2011-11-08 08:21] ==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img_64
[2011-11-08 08:21] ==> Image generation successful
So the generation of the initramfs seems to be ok.
But when I reboot this box, I get:
running hook [openswap]
device /dev/sda4 doesn't exist or access denied
running hook [resume]
waiting 10 seconds for device /dev/mapper/swapDevice
waiting 10 seconds for device /dev/mapper/root
root device /dev/mapper/root doesn't exist. Attempting to create it.
ERROR: unable to determine major/minor number of root device /dev/mapper/root
/dev/sda4 is my swap partition. Then I get dropped to a recovery shell which I can't use because my (usb) keyboard is not working.
Now the funny part. I start the box from a install cd and chroot into the existing installation. I do a
mkinitcpio -p linux
The initramfs is regenerated and it works again! What the hell is pacman doing other than regenerate the initramfs with my presets?
Harvey
Last edited by Harey (2011-11-12 16:10:48)
New kernel 3.1.1 did it again. My system hangs in initramfs after the reboot. Same as before: a simple rebuild without any changes fixed the boot process. This time I was able to backup the 'bad' initramfs before chrooting in and rebuilding.
It is very funny to see the content of the 'bad' initramfs image - it is nearly empty!
==> Image: /boot/initramfs-linux.img_64.bak
==> Kernel: unknown
==> Compressed with: gzip
-> Compression ratio: .452
-> Estimated decompression time: 0.036s
==> Included binaries:
/sbin/dmsetup
/sbin/cryptsetup
/sbin/udevadm
/sbin/blkid
/sbin/modprobe
/bin/busybox
==> Hook run order:
udev
keymap
encrypt
openswap
resume
The rebuilt image looks like this:
==> Image: /boot/initramfs-linux.img_64
==> Kernel: 3.1.1-1-ARCH
==> Compressed with: gzip
-> Compression ratio: .593
-> Estimated decompression time: 0.047s
==> Included modules:
aes_generic fcrypt hid-roccat-kone rmd160
aesni-intel ff-memless hid-roccat-koneplus rmd256
aes-x86_64 gcm hid-roccat-kovaplus rmd320
af_alg gf128mul hid-roccat-pyra salsa20_generic
ahci ghash-clmulni-intel hid-samsung salsa20-x86_64
algif_hash ghash-generic hid-sjoy scsi_mod
algif_skcipher hid hid-sony sd_mod
ansi_cprng hid-a4tech hid-speedlink seed
anubis hid-apple hid-sunplus seqiv
arc4 hid-axff hid-tmff serpent
async_memcpy hid-belkin hid-topseed sha1_generic
async_pq hid-cherry hid-twinhan sha256_generic
async_raid6_recov hid-chicony hid-uclogic sha512_generic
async_tx hid-cypress hid-wacom snd
async_xor hid-dr hid-waltop snd-rawmidi
ata_piix hid-elecom hid-wiimote snd-seq-device
authenc hid-emsff hid-zpff soundcore
authencesn hid-ezkey hid-zydacron sr_mod
blowfish hid-gaff hifn_795x syscopyarea
camellia hid-gyration hmac sysfillrect
cast5 hid-holtekff jbd2 sysimgblt
cast6 hid-kensington khazad tcrypt
cbc hid-keytouch lcd tea
ccm hid-kye libahci tgr192
cdrom hid-lcpower libata twofish_common
crc16 hid-logitech lrw twofish_generic
crc32c hid-magicmouse lzo twofish-x86_64
crc32c-intel hid-microsoft mbcache uhci-hcd
cryptd hid-monterey md4 usbcore
crypto_null hid-multitouch md5 usbhid
ctr hid-ntrig michael_mic usb-storage
cts hid-ortek padlock-aes vmac
deflate hid-petalynx padlock-sha wp512
des_generic hid-picolcd pata_acpi xcbc
dm-crypt hid-pl pata_jmicron xor
dm-mod hid-prodikeys pcbc xts
ecb hid-quanta pcrypt zlib
ehci-hcd hid-roccat raid6_pq zlib_deflate
ext4 hid-roccat-arvo raid6test
fb_sys_fops hid-roccat-common rmd128
==> Included binaries:
/bin/busybox
/sbin/udevadm
/sbin/dmsetup
/sbin/blkid
/sbin/cryptsetup
/sbin/modprobe
==> Hook run order:
udev
keymap
encrypt
openswap
resume
For some reason the initramfs built by pacman is missing all modules. To say it again, nothing changed, simple rebuilt by mkinitcpio -p linux!
This seems to be a bad bug...
Harvey
Last edited by Harey (2011-11-12 16:07:09) -
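The empty image described in the two posts above can be caught before the reboot that locks you out of the encrypted root. The following is an added example, not code from the thread: it parses a report in the "==> Section:" layout quoted above (assumed here to be the output of `lsinitcpio -a IMAGE`) and fails when the kernel version is unknown, no modules are listed, or a required module is missing. The function names are hypothetical and the two sample reports are constructed, shortened copies of the ones quoted in the post.

```shell
#!/bin/sh
# Added example: sanity-check an initramfs analysis report before rebooting.

# Constructed sample: report of the broken image (shortened from the post).
BAD_REPORT='==> Image: /boot/initramfs-linux.img_64.bak
==> Kernel: unknown
==> Compressed with: gzip
  -> Compression ratio: .452
==> Included binaries:
  /sbin/dmsetup
  /sbin/cryptsetup
  /bin/busybox
==> Hook run order:
  udev
  keymap
  encrypt'

# Constructed sample: report of the rebuilt image (module list shortened).
GOOD_REPORT='==> Image: /boot/initramfs-linux.img_64
==> Kernel: 3.1.1-1-ARCH
==> Compressed with: gzip
  -> Compression ratio: .593
==> Included modules:
  aes-x86_64 gcm hid-roccat-kovaplus rmd320
  crypto_null hid-multitouch md5 usbhid
  dm-crypt hid-pl pata_jmicron xor
  dm-mod hid-prodikeys pcbc xts
  ext4 hid-roccat-arvo raid6test
==> Included binaries:
  /bin/busybox
  /sbin/cryptsetup
==> Hook run order:
  udev
  keymap
  encrypt'

# report_field REPORT LABEL: print the value that follows "==> LABEL:".
report_field() {
    printf '%s\n' "$1" | sed -n "s/^==> $2: *//p" | head -n 1
}

# section_items REPORT SECTION: print every item listed under
# "==> SECTION:" (up to the next "==>" header), one per line.
section_items() {
    printf '%s\n' "$1" | awk -v want="==> $2:" '
        /^==> / { in_sec = (index($0, want) == 1); next }
        /^ *->/ { next }   # detail lines such as "-> Compression ratio"
        in_sec  { for (i = 1; i <= NF; i++) print $i }'
}

# check_initramfs_report REPORT [REQUIRED_MODULE...]
# Returns 0 if the image looks usable, 1 otherwise; reasons go to stdout.
check_initramfs_report() {
    cir_report=$1
    shift
    cir_status=0

    cir_kernel=$(report_field "$cir_report" "Kernel")
    if [ -z "$cir_kernel" ] || [ "$cir_kernel" = "unknown" ]; then
        echo "FAIL: kernel version not recorded in image"
        cir_status=1
    fi

    cir_count=$(section_items "$cir_report" "Included modules" | awk 'END { print NR }')
    if [ "$cir_count" -eq 0 ]; then
        echo "FAIL: image contains no kernel modules"
        cir_status=1
    fi

    for cir_mod in "$@"; do
        # The kernel treats "-" and "_" in module names as the same character.
        cir_want=$(printf '%s' "$cir_mod" | sed 'y/-/_/')
        if ! section_items "$cir_report" "Included modules" | sed 'y/-/_/' \
                | grep -qxF -e "$cir_want"; then
            echo "FAIL: required module $cir_mod is missing"
            cir_status=1
        fi
    done

    if [ "$cir_status" -eq 0 ]; then
        echo "OK: kernel $cir_kernel, $cir_count modules"
    fi
    return "$cir_status"
}

# Demo on the constructed reports; "|| true" lets the script continue
# after the expected failure on the broken image.
check_initramfs_report "$BAD_REPORT" dm_crypt ext4 || true
check_initramfs_report "$GOOD_REPORT" dm_crypt ext4
```

On a real system the first argument would be the captured report for the freshly built image, checked right after the kernel upgrade and before rebooting.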
[solved] luks on lvm encryption keymap issue
hi,
i just installed arch on a new notebook of mine.
i used a luks encrypted lvm installation, which works (guided by the wiki)
but i am encountering an issue with the keymap while decrypting at boot.
i've installed using "de-latin1-nodeadkeys" as keymap, and my actual password has some special characters.
at boot, i've entered the password but it doesn't work.
so i rebooted with the live image and checked, with the german keymap again, which worked.
i checked for misspelling btw.
for testing purposes i set a password like "///" and it seems that the keymap at boot is an english one.
https://bugs.archlinux.org/task/36689 i found this bug, but it says closed so i'm thinking i went wrong somewhere.
any help is appreciated
here is my mkinitcpio.conf
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES=""
# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES=""
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS="base udev autodetect block filesystems"
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS="base udev block filesystems"
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS="base udev block mdadm encrypt filesystems"
## This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev block lvm2 filesystems"
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
HOOKS="base udev autodetect modconf encrypt lvm2 block filesystems keyboard fsck"
# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""
and my grub.cfg
# DO NOT EDIT THIS FILE
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if loadfont unicode ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_input console
terminal_output gfxterm
set timeout=5
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux, with Linux core repo kernel' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-core repo kernel-true-e084640b-9864-4667-84a4-9f5fb0a43483' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 802f1bee-db08-4896-87df-97c3883f58be
else
search --no-floppy --fs-uuid --set=root 802f1bee-db08-4896-87df-97c3883f58be
fi
echo 'Loading Linux core repo kernel ...'
linux /vmlinuz-linux root=/dev/mapper/main-root rw cryptdevice=/dev/sda2:main quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux.img
}
menuentry 'Arch Linux, with Linux core repo kernel (Fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-core repo kernel-fallback-e084640b-9864-4667-84a4-9f5fb0a43483' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 802f1bee-db08-4896-87df-97c3883f58be
else
search --no-floppy --fs-uuid --set=root 802f1bee-db08-4896-87df-97c3883f58be
fi
echo 'Loading Linux core repo kernel ...'
linux /vmlinuz-linux root=/dev/mapper/main-root rw cryptdevice=/dev/sda2:main quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux-fallback.img
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
### BEGIN /etc/grub.d/60_memtest86+ ###
### END /etc/grub.d/60_memtest86+ ###
and my default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda2:main quiet"
GRUB_CMDLINE_LINUX=""
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT=5
#GRUB_HIDDEN_TIMEOUT_QUIET=true
# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto
# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"
# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
#GRUB_SAVEDEFAULT="true"
vconsole.conf
KEYMAP="de-latin1-nodeadkeys"
Last edited by ziv667 (2013-11-27 12:18:03)
ziv667 wrote:
HOOKS="base udev autodetect modconf encrypt lvm2 block filesystems keyboard fsck"
Where's the keymap hook?
HOOKS="base udev autodetect modconf keymap encrypt lvm2 block filesystems keyboard fsck"
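The reply above comes down to hook order: the keymap has to be loaded before the encrypt hook asks for the passphrase. The script below is an added example, not code from the thread or from mkinitcpio; its function names are made up here, and it assumes the keymap hook takes its layout from KEYMAP in /etc/vconsole.conf, as in ziv667's setup. The sample files are constructed from the lines posted above.

```shell
#!/bin/sh
# Added example: audit mkinitcpio HOOKS for an encrypted root whose passphrase
# depends on a non-default keymap. Function names are illustrative.

# Print the value of the last uncommented HOOKS= line of an mkinitcpio.conf,
# with quotes or array parentheses stripped.
extract_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=//p' "$1" | tail -n 1 | tr -d "\"'()"
}

# Print the KEYMAP value of a vconsole.conf (empty if none is set).
extract_keymap() {
    sed -n 's/^[[:space:]]*KEYMAP=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the 1-based position of hook $2 in the hook list $1, or 0 if absent.
hook_index() {
    idx=0
    for hook in $1; do
        idx=$((idx + 1))
        if [ "$hook" = "$2" ]; then
            echo "$idx"
            return 0
        fi
    done
    echo 0
}

# audit_hooks HOOKS KEYMAP
# Prints one finding per line. Returns 1 if a keymap is configured but will
# not be active when the passphrase is typed, 0 otherwise.
audit_hooks() {
    enc=$(hook_index "$1" encrypt)
    km=$(hook_index "$1" keymap)
    kb=$(hook_index "$1" keyboard)
    rc=0
    if [ "$enc" -eq 0 ]; then
        echo "INFO: no encrypt hook, so no early passphrase prompt"
        return 0
    fi
    if [ -z "$2" ]; then
        echo "INFO: no KEYMAP configured, the default layout is expected"
        return 0
    fi
    if [ "$km" -eq 0 ]; then
        echo "FAIL: keymap hook missing; the prompt uses the kernel's built-in default layout"
        rc=1
    elif [ "$km" -gt "$enc" ]; then
        echo "FAIL: keymap (position $km) runs after encrypt (position $enc)"
        rc=1
    fi
    if [ "$kb" -eq 0 ]; then
        echo "WARN: keyboard hook missing; keyboard drivers may be absent"
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: '$2' is loaded before the passphrase prompt"
    fi
    return "$rc"
}

# Constructed sample input: the two HOOKS lines and the KEYMAP from the thread.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'KEYMAP="de-latin1-nodeadkeys"' > "$dir/vconsole.conf"
    printf '%s\n' '# HOOKS="base udev block filesystems"' \
        'HOOKS="base udev autodetect modconf encrypt lvm2 block filesystems keyboard fsck"' \
        > "$dir/posted.conf"
    printf '%s\n' \
        'HOOKS="base udev autodetect modconf keymap encrypt lvm2 block filesystems keyboard fsck"' \
        > "$dir/suggested.conf"
    for conf in posted suggested; do
        echo "== $conf =="
        audit_hooks "$(extract_hooks "$dir/$conf.conf")" \
            "$(extract_keymap "$dir/vconsole.conf")" || true
    done
    rm -rf "$dir"
}
demo
```

A passing audit only covers the configuration file; the change takes effect once the initramfs has been rebuilt from it.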
[SOLVED] Can't boot from LUKS - No key available with this passphrase
The problem
Latest kbd package responsible for your keyboard layout may break some LUKS installs depending on the password used, as there are some keymaps which are broken, resulting in the user not being able to enter the password correctly.
Relevant bug report: https://bugs.archlinux.org/task/36689
The fix
Find an old live image with the old kbd package (I had success with 2012.11.01)
Boot the image
Change to your preferred keymap using
loadkeys
Open your encrypted device with
cryptsetup luksOpen /path/to/device devicename
Mount the device and any other relevant mount points (such as /boot) and perform a chroot with
arch-chroot
Revert the kbd package. The latest working version is 1.15.5-4. If you didn't clean your cache, you should have a working version under
/var/cache/pacman/pkg
If not, either try finding the package manually, or build it using ABS.
Once the package is installed, confirm the keymap works by running loadkeys again and entering any keys that may have been problematic.
While still under chroot, rebuild the initramfs with
mkinitcpio -p linux
If this goes without any problems, you should be able to reboot to a working system.
Ever since I updated my system about a week ago, I cannot boot it anymore.
The root filesystem is encrypted and since the update, I can't unlock it on boot anymore. Typing in my passphrase, I get the error No key available with this passphrase.
One thing that comes to mind is that the passphrase contains non-standard characters (Š for example), and I'm not sure if that's what might be causing problems?
Any ideas or tips on how can I debug this?
Another thing I've noticed is that if I drop into a recovery shell, the special characters on my keyboard aren't properly mapped. Š will print out C and its hexdump seems invalid.
Edit:
Just noticed this thread: https://bbs.archlinux.org/viewtopic.php?id=148562
Will try to unlock it from a live distro. It doesn't seem to want to unlock with Arch live as the keymap seems wrong there as well.
Last edited by Mr. Pjer (2013-09-07 00:19:27)
Here's the list. The update was done on 31/8.
[2013-08-31 18:14] [PACMAN] Running 'pacman -Syu'
[2013-08-31 18:14] [PACMAN] synchronizing package lists
[2013-08-31 18:14] [PACMAN] starting full system upgrade
[2013-08-31 18:34] [PACMAN] removed python2-distribute (0.6.45-1)
[2013-08-31 18:34] [PACMAN] removed python-distribute (0.6.45-1)
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg...
[2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
[2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u
[2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: depth: 1 valid: 5 signed: 65 trust: 0-, 0q, 0n, 5m, 0f, 0u
[2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: depth: 2 valid: 65 signed: 3 trust: 65-, 0q, 0n, 0m, 0f, 0u
[2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2014-01-22
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring...
[2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
[2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
[2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
[2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
[2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Importing owner trust values...
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring...
[2013-08-31 18:34] [ALPM-SCRIPTLET] -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Updating trust database...
[2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2014-01-22
[2013-08-31 18:34] [PACMAN] upgraded archlinux-keyring (20130525-2 -> 20130818-1)
[2013-08-31 18:34] [ALPM-SCRIPTLET]
[2013-08-31 18:34] [ALPM-SCRIPTLET] NOTE for argyllcms:
[2013-08-31 18:34] [ALPM-SCRIPTLET] ----
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> The documentaion is only available as html!
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> You will find it in /usr/share/argyllcms/doc
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Color charts located in /usr/share/argyllcms/ref
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Since release 1.5.0 ColorHug support is enabled by default. The environment variable "ENABLE_COLORHUG" is not longer needed!
[2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Please add your argyllcms user to plugdev group! <==
[2013-08-31 18:34] [PACMAN] upgraded argyllcms (1.5.1-2 -> 1.6.0-1)
[2013-08-31 18:34] [PACMAN] upgraded linux-api-headers (3.8.4-1 -> 3.10.6-1)
[2013-08-31 18:34] [ALPM-SCRIPTLET] Generating locales...
[2013-08-31 18:34] [ALPM-SCRIPTLET] en_US.UTF-8... done
[2013-08-31 18:34] [ALPM-SCRIPTLET] hr_HR.UTF-8... done
[2013-08-31 18:34] [ALPM-SCRIPTLET] Generation complete.
[2013-08-31 18:34] [PACMAN] upgraded glibc (2.17-6 -> 2.18-3)
[2013-08-31 18:34] [PACMAN] upgraded bash (4.2.045-4 -> 4.2.045-5)
[2013-08-31 18:34] [PACMAN] upgraded binutils (2.23.2-2 -> 2.23.2-3)
[2013-08-31 18:34] [PACMAN] upgraded boost-libs (1.54.0-2 -> 1.54.0-3)
[2013-08-31 18:34] [PACMAN] upgraded ca-certificates-java (20121112+nmu2-2 -> 20130815-1)
[2013-08-31 18:34] [PACMAN] upgraded glib2 (2.36.3-3 -> 2.36.4-1)
[2013-08-31 18:34] [PACMAN] upgraded wayland (1.2.0-1 -> 1.2.1-1)
[2013-08-31 18:34] [PACMAN] upgraded gcc-libs (4.8.1-2 -> 4.8.1-3)
[2013-08-31 18:34] [PACMAN] installed elfutils (0.155-1)
[2013-08-31 18:34] [PACMAN] installed llvm-libs (3.3-1)
[2013-08-31 18:34] [PACMAN] upgraded mesa (9.1.6-1 -> 9.2.0-1)
[2013-08-31 18:34] [PACMAN] upgraded mesa-libgl (9.1.6-1 -> 9.2.0-1)
[2013-08-31 18:34] [PACMAN] upgraded cairo (1.12.14-4 -> 1.12.16-1)
[2013-08-31 18:34] [PACMAN] upgraded ttf-dejavu (2.33-4 -> 2.34-1)
[2013-08-31 18:34] [PACMAN] upgraded chromium (28.0.1500.95-1 -> 29.0.1547.62-1)
[2013-08-31 18:34] [PACMAN] upgraded curl (7.31.0-1 -> 7.32.0-1)
[2013-08-31 18:34] [PACMAN] upgraded libarchive (3.1.2-1 -> 3.1.2-2)
[2013-08-31 18:34] [PACMAN] upgraded cmake (2.8.11.2-1 -> 2.8.11.2-2)
[2013-08-31 18:34] [PACMAN] upgraded cpupower (3.10-1 -> 3.10-2)
[2013-08-31 18:34] [PACMAN] upgraded device-mapper (2.02.98-4 -> 2.02.100-1)
[2013-08-31 18:34] [PACMAN] upgraded cryptsetup (1.6.1-2 -> 1.6.2-1)
[2013-08-31 18:34] [PACMAN] upgraded poppler (0.24.0-1 -> 0.24.1-1)
[2013-08-31 18:34] [PACMAN] upgraded cups-filters (1.0.35-4 -> 1.0.37-1)
[2013-08-31 18:34] [PACMAN] installed python2-setuptools (1.0-1)
[2013-08-31 18:34] [PACMAN] upgraded deluge (1.3.6-1 -> 1.3.6-3)
[2013-08-31 18:34] [PACMAN] upgraded dhcpcd (6.0.4-1 -> 6.0.5-1)
[2013-08-31 18:34] [PACMAN] upgraded python2-numpy (1.7.1-1 -> 1.7.1-2)
[2013-08-31 18:34] [PACMAN] upgraded dispcalgui (1.2.7.0-1 -> 1.2.7.0-2)
[2013-08-31 18:34] [PACMAN] upgraded ffmpeg (1:2.0-2 -> 1:2.0.1-1)
[2013-08-31 18:34] [PACMAN] upgraded gtk3 (3.8.2-1 -> 3.8.4-1)
[2013-08-31 18:34] [PACMAN] upgraded file-roller (3.8.3-1 -> 3.8.4-1)
[2013-08-31 18:34] [PACMAN] upgraded gcc (4.8.1-2 -> 4.8.1-3)
[2013-08-31 18:34] [PACMAN] upgraded gettext (0.18.3-1 -> 0.18.3.1-1)
[2013-08-31 18:34] [PACMAN] upgraded libtiff (4.0.3-2 -> 4.0.3-3)
[2013-08-31 18:34] [PACMAN] upgraded ghostscript (9.07-2 -> 9.09-1)
[2013-08-31 18:34] [PACMAN] upgraded librsvg (2.37.0-2 -> 1:2.37.0-1)
[2013-08-31 18:34] [PACMAN] upgraded libmng (1.0.10-4 -> 2.0.2-2)
[2013-08-31 18:34] [PACMAN] upgraded gimp (2.8.6-1 -> 2.8.6-2)
[2013-08-31 18:34] [PACMAN] upgraded perl (5.18.0-1 -> 5.18.1-1)
[2013-08-31 18:34] [PACMAN] upgraded perl-error (0.17020-1 -> 0.17021-1)
[2013-08-31 18:34] [PACMAN] upgraded git (1.8.3.4-1 -> 1.8.4-1)
[2013-08-31 18:34] [PACMAN] upgraded glew (1.10.0-1 -> 1.10.0-2)
[2013-08-31 18:34] [PACMAN] upgraded glfw (3.0.1-2 -> 3.0.2-1)
[2013-08-31 18:34] [PACMAN] upgraded glm (0.9.4.4-1 -> 0.9.4.5-1)
[2013-08-31 18:34] [PACMAN] upgraded gnupg (2.0.20-2 -> 2.0.21-1)
[2013-08-31 18:34] [PACMAN] upgraded gpgme (1.4.2-2 -> 1.4.3-1)
[2013-08-31 18:35] [PACMAN] upgraded grails (2.2.3-1 -> 2.2.4-1)
[2013-08-31 18:35] [PACMAN] upgraded groff (1.22.2-3 -> 1.22.2-5)
[2013-08-31 18:35] [PACMAN] upgraded gstreamer (1.0.9-1 -> 1.0.10-1)
[2013-08-31 18:35] [PACMAN] upgraded gst-plugins-base-libs (1.0.9-1 -> 1.0.10-1)
[2013-08-31 18:35] [PACMAN] upgraded imagemagick (6.8.6.4-1 -> 6.8.6.9-1)
[2013-08-31 18:35] [PACMAN] upgraded intel-dri (9.1.6-1 -> 9.2.0-1)
[2013-08-31 18:35] [PACMAN] upgraded iputils (20121221-2 -> 20121221-3)
[2013-08-31 18:35] [PACMAN] upgraded isl (0.12-1 -> 0.12.1-1)
[2013-08-31 18:35] [PACMAN] upgraded kbd (1.15.5-4 -> 2.0.0-1)
[2013-08-31 18:35] [PACMAN] upgraded kdelibs (4.10.5-2 -> 4.11.0-1)
[2013-08-31 18:35] [PACMAN] upgraded kmod (14-1 -> 15-1)
[2013-08-31 18:35] [PACMAN] upgraded lib32-glibc (2.17-5 -> 2.18-3)
[2013-08-31 18:35] [PACMAN] upgraded lib32-gcc-libs (4.8.1-2 -> 4.8.1-3)
[2013-08-31 18:35] [PACMAN] upgraded libbsd (0.5.2-2 -> 0.6.0-1)
[2013-08-31 18:35] [PACMAN] upgraded libfm (1.1.1-1 -> 1.1.2-1)
[2013-08-31 18:35] [PACMAN] upgraded libgdiplus (2.10.9-1 -> 2.10.9-2)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-en-GB (4.0.4-1 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-common (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-base (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-calc (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-draw (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-gnome (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-impress (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-kde4 (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-math (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-postgresql-connector (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-sdk (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-sdk-doc (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libwpd (0.9.6-1 -> 0.9.9-1)
[2013-08-31 18:35] [PACMAN] upgraded libreoffice-writer (4.0.4-2 -> 4.0.5-1)
[2013-08-31 18:35] [PACMAN] upgraded libsamplerate (0.1.8-1 -> 0.1.8-2)
[2013-08-31 18:35] [PACMAN] upgraded libwbclient (4.0.8-1 -> 4.0.9-1)
[2013-08-31 18:35] [ALPM-SCRIPTLET] >>> Updating module dependencies. Please wait ...
[2013-08-31 18:35] [ALPM-SCRIPTLET] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Starting build: 3.10.10-1-ARCH
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [base]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [udev]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [autodetect]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [block]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keymap]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [encrypt]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Creating gzip initcpio image: /boot/initramfs-linux.img
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Image generation successful
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Starting build: 3.10.10-1-ARCH
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [base]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [udev]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [block]
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: bfa
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: smsmdtv
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keymap]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [encrypt]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Image generation successful
[2013-08-31 18:35] [PACMAN] upgraded linux (3.10.5-1 -> 3.10.10-1)
[2013-08-31 18:35] [PACMAN] upgraded linux-headers (3.10.5-1 -> 3.10.10-1)
[2013-08-31 18:35] [PACMAN] upgraded logrotate (3.8.5-1 -> 3.8.6-1)
[2013-08-31 18:35] [ALPM] warning: /etc/lvm/lvm.conf installed as /etc/lvm/lvm.conf.pacnew
[2013-08-31 18:35] [PACMAN] upgraded lvm2 (2.02.98-4 -> 2.02.100-1)
[2013-08-31 18:35] [PACMAN] upgraded maven (3.0.5-1 -> 3.1.0-1)
[2013-08-31 18:35] [PACMAN] upgraded net-snmp (5.7.2-7 -> 5.7.2-8)
[2013-08-31 18:36] [PACMAN] upgraded nodejs (0.10.15-1 -> 0.10.17-1)
[2013-08-31 18:36] [PACMAN] upgraded obex-data-server (0.4.6-7 -> 0.4.6-8)
[2013-08-31 18:36] [PACMAN] upgraded openresolv (3.5.5-1 -> 3.5.6-1)
[2013-08-31 18:36] [ALPM] warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
[2013-08-31 18:36] [PACMAN] upgraded pacman-mirrorlist (20130626-1 -> 20130830-1)
[2013-08-31 18:36] [PACMAN] upgraded pcmanfm (1.1.1-1 -> 1.1.2-1)
[2013-08-31 18:36] [ALPM] warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew
[2013-08-31 18:36] [PACMAN] upgraded php (5.4.17-1 -> 5.5.3-1)
[2013-08-31 18:36] [PACMAN] upgraded php-pear (5.4.17-1 -> 5.5.3-1)
[2013-08-31 18:36] [PACMAN] upgraded poppler-glib (0.24.0-1 -> 0.24.1-1)
[2013-08-31 18:36] [PACMAN] installed python-setuptools (1.0-1)
[2013-08-31 18:36] [PACMAN] upgraded python-pip (1.4-1 -> 1.4.1-2)
[2013-08-31 18:36] [PACMAN] upgraded python2-markupsafe (0.18-1 -> 0.18-2)
[2013-08-31 18:36] [PACMAN] upgraded python2-mako (0.8.1-1 -> 0.8.1-2)
[2013-08-31 18:36] [PACMAN] upgraded python2-pip (1.4-1 -> 1.4.1-2)
[2013-08-31 18:36] [PACMAN] upgraded python2-zope-interface (4.0.5-1 -> 4.0.5-2)
[2013-08-31 18:36] [PACMAN] upgraded sqlite (3.7.17-1 -> 3.8.0.1-1)
[2013-08-31 18:36] [PACMAN] upgraded qt4 (4.8.5-1 -> 4.8.5-2)
[2013-08-31 18:36] [PACMAN] upgraded redshift (1.7-6 -> 1.7-7)
[2013-08-31 18:36] [PACMAN] upgraded reiserfsprogs (3.6.23-1 -> 3.6.24-1)
[2013-08-31 18:36] [PACMAN] upgraded run-parts (4.3.4-1 -> 4.4-1)
[2013-08-31 18:36] [PACMAN] upgraded smbclient (4.0.8-1 -> 4.0.9-1)
[2013-08-31 18:36] [PACMAN] upgraded samba (4.0.8-1 -> 4.0.9-1)
[2013-08-31 18:36] [PACMAN] upgraded serf (1.2.1-1 -> 1.3.0-1)
[2013-08-31 18:36] [PACMAN] upgraded smartmontools (6.1-3 -> 6.2-1)
[2013-08-31 18:36] [PACMAN] upgraded subversion (1.8.1-1 -> 1.8.1-2)
[2013-08-31 18:36] [PACMAN] upgraded vim-runtime (7.3.1287-1 -> 7.4.0-2)
[2013-08-31 18:36] [PACMAN] upgraded vim (7.3.1287-1 -> 7.4.0-2)
[2013-08-31 18:36] [PACMAN] upgraded wicd (1.7.2.4-7 -> 1.7.2.4-9)
[2013-08-31 18:36] [PACMAN] upgraded wicd-gtk (1.7.2.4-7 -> 1.7.2.4-9)
[2013-08-31 18:36] [ALPM-SCRIPTLET] >>> This driver now uses SNA as the default acceleration method. You can
[2013-08-31 18:36] [ALPM-SCRIPTLET] still fall back to UXA if you run into trouble. To do so, save a file
[2013-08-31 18:36] [ALPM-SCRIPTLET] with the following content as /etc/X11/xorg.conf.d/20-intel.conf :
[2013-08-31 18:36] [ALPM-SCRIPTLET] Section "Device"
[2013-08-31 18:36] [ALPM-SCRIPTLET] Identifier "Intel Graphics"
[2013-08-31 18:36] [ALPM-SCRIPTLET] Driver "intel"
[2013-08-31 18:36] [ALPM-SCRIPTLET] Option "AccelMethod" "uxa"
[2013-08-31 18:36] [ALPM-SCRIPTLET] EndSection
[2013-08-31 18:36] [PACMAN] upgraded xf86-video-intel (2.21.14-1 -> 2.21.15-1)
[2013-08-31 18:36] [PACMAN] upgraded xorg-xset (1.2.2-2 -> 1.2.3-1)
I've just tried rebuilding the initramfs. It goes through without errors, but still won't accept my password on boot. -
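A pacman.log like the one above can be checked for the condition this thread describes: kbd moved off 1.15.5-4 (the version the first post names as the last working one) and the initramfs keymap hook ran afterwards. This is an added example, not part of the original posts; the name kbd_triage is made up here, the sample log is constructed from lines in the format shown above, and it assumes the keymap hook produces the embedded keymap with whatever kbd is installed at build time.

```shell
#!/bin/sh
# Added example: triage a pacman.log for the kbd regression described above.
# kbd_triage is an illustrative name; GOOD_KBD is the version the thread
# reports as the last working one.
GOOD_KBD="1.15.5-4"

# kbd_triage LOGFILE
# Prints a one-line summary of the last kbd version change. Returns 1 when
# kbd ended up at a version other than GOOD_KBD and the initramfs keymap hook
# was run afterwards, 0 otherwise.
kbd_triage() {
    awk -v good="$GOOD_KBD" '
        /\[PACMAN\] (upgraded|downgraded) kbd \(/ {
            # e.g. "... [PACMAN] upgraded kbd (1.15.5-4 -> 2.0.0-1)"
            old = $(NF - 2); sub(/^\(/, "", old)
            new = $NF;       sub(/\)$/, "", new)
            seen = 1
            rebuilt = "no"          # only rebuilds logged after this line count
        }
        seen && /Running build hook: \[keymap\]/ { rebuilt = "yes" }
        END {
            if (!seen) { print "kbd=unchanged"; exit 0 }
            printf "kbd=%s->%s keymap_rebuilt_after=%s\n", old, new, rebuilt
            bad = (new != good && rebuilt == "yes") ? 1 : 0
            exit bad
        }
    ' "$1"
}

demo() {
    log=$(mktemp)
    # Constructed sample: four lines in the format of the log posted above.
    cat > "$log" <<'EOF'
[2013-08-31 18:35] [PACMAN] upgraded kbd (1.15.5-4 -> 2.0.0-1)
[2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Starting build: 3.10.10-1-ARCH
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keymap]
[2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [encrypt]
EOF
    kbd_triage "$log" ||
        echo "suspect: initramfs keymap built with a kbd other than $GOOD_KBD"
    rm -f "$log"
}
demo
```

A manual mkinitcpio run is not recorded in pacman.log, so keymap_rebuilt_after=no only covers rebuilds triggered by package scriptlets.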
I know there are quite a few solved posts like these but it's usually because of "mkinitcpio -p linux" not being regenerated.
My problem is after boot Grub says:
running hook [udev]
running hook [encrypt]
Waiting 10 seconds for device /dev/disk/by-uuid/d1d0825c-25d1-4cbe-811f-725d9ef8d034>...
ERROR: device 'UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034' not found. Skipping fsck.
ERROR: Unable to find root device 'UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034'.
Here are all the files that I think would be needed for this:
/etc/fstab
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
#/dev/mapper/cryptroot / ext4 rw,realtime,data=ordered 0 1
UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 / ext4 rw,relatime,data=ordered 0 1
#/dev/sda5 /boot ext4 rw,relatime,data=ordered 0 2
UUID=d04b37b1-4dfb-451c-b582-b9d95ca8fe22 /boot ext4 rw,relatime,data=ordered 0 2
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 298.1G 0 disk
├─sda1 8:1 0 100M 0 part
├─sda2 8:2 0 97.6G 0 part
├─sda3 8:3 0 1K 0 part
├─sda5 8:5 0 300M 0 part
├─sda6 8:6 0 50G 0 part
│ └─cryptroot 254:1 0 50G 0 crypt /
├─sda7 8:7 0 1G 0 part
└─sda8 8:8 0 149.1G 0 part
sdb 8:16 1 29.3G 0 disk
├─sdb1 8:17 1 558M 0 part
└─sdb2 8:18 1 31M 0 part
sdc 8:32 1 15G 0 disk
└─sdc1 8:33 1 15G 0 part /mnt/usb
sr0 11:0 1 1024M 0 rom
loop0 7:0 0 240.9M 1 loop
loop1 7:1 0 1.5G 1 loop
└─arch_root-image 254:0 0 1.5G 0 dm /etc/resolv.conf
loop2 7:2 0 1.5G 0 loop
└─arch_root-image 254:0 0 1.5G 0 dm /etc/resolv.conf
blkid
/dev/sda1: LABEL="System Reserved" UUID="3A481C2D481BE703" TYPE="ntfs" PARTUUID="850a6169-01"
/dev/sda2: UUID="EE3443C234438D11" TYPE="ntfs" PARTUUID="850a6169-02"
/dev/sda5: UUID="d04b37b1-4dfb-451c-b582-b9d95ca8fe22" TYPE="ext4" PARTUUID="850a6169-05"
/dev/sda6: UUID="691c218e-658f-47ff-8296-6b266b2c06c9" TYPE="crypto_LUKS" PARTUUID="850a6169-06"
/dev/sdb1: UUID="2014-07-03-18-41-56-00" LABEL="ARCH_201407" TYPE="iso9660" PTUUID="6039e1c4" PTTYPE="dos" PARTUUID="6039e1c4-01"
/dev/sdb2: SEC_TYPE="msdos" LABEL="ARCHISO_EFI" UUID="3B47-A69A" TYPE="vfat" PARTUUID="6039e1c4-02"
/dev/loop0: TYPE="squashfs"
/dev/loop1: UUID="5857fcdc-02d9-4d16-aeb5-00d786995ffc" TYPE="ext4"
/dev/loop2: UUID="5857fcdc-02d9-4d16-aeb5-00d786995ffc" TYPE="ext4"
/dev/mapper/arch_root-image: UUID="5857fcdc-02d9-4d16-aeb5-00d786995ffc" TYPE="ext4"
/dev/mapper/cryptroot: UUID="d1d0825c-25d1-4cbe-811f-725d9ef8d034" TYPE="ext4"
/dev/sdc1: UUID="86D3-3C7E" TYPE="vfat" PARTUUID="c3072e18-01"
/dev/sda7: PARTUUID="850a6169-07"
/dev/sda8: PARTUUID="850a6169-08"
/etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:cryptroot"
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT=5
#GRUB_HIDDEN_TIMEOUT_QUIET=true
# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console
# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto
# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"
# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
#GRUB_SAVEDEFAULT="true"
/boot/grub/grub.cfg
# DO NOT EDIT THIS FILE
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if loadfont unicode ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1
insmod ext2
set root='cryptouuid/691c218e658f47ff82966b266b2c06c9'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/691c218e658f47ff82966b266b2c06c9' d1d0825c-25d1-4cbe-811f-725d9ef8d034
else
search --no-floppy --fs-uuid --set=root d1d0825c-25d1-4cbe-811f-725d9ef8d034
fi
echo 'Loading Linux linux ...'
linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=/dev/sda6:cryptroot quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1
insmod ext2
set root='cryptouuid/691c218e658f47ff82966b266b2c06c9'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/691c218e658f47ff82966b266b2c06c9' d1d0825c-25d1-4cbe-811f-725d9ef8d034
else
search --no-floppy --fs-uuid --set=root d1d0825c-25d1-4cbe-811f-725d9ef8d034
fi
echo 'Loading Linux linux ...'
linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=/dev/sda6:cryptroot quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initramfs-linux.img
}
menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1
insmod ext2
set root='cryptouuid/691c218e658f47ff82966b266b2c06c9'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/691c218e658f47ff82966b266b2c06c9' d1d0825c-25d1-4cbe-811f-725d9ef8d034
else
search --no-floppy --fs-uuid --set=root d1d0825c-25d1-4cbe-811f-725d9ef8d034
fi
echo 'Loading Linux linux ...'
linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=/dev/sda6:cryptroot quiet
echo 'Loading initial ramdisk ...'
initrd /boot/initramfs-linux-fallback.img
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
### BEGIN /etc/grub.d/60_memtest86+ ###
### END /etc/grub.d/60_memtest86+ ###
Things I tried:
Replace this line in grub.cfg with
linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034:cryptroot quiet
Do mkinitcpio -p linux but the hook ecrypt is there, so I assume it's a grub issue.
In
/etc/default/grub
replace GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:cryptroot" with actual UUID, etc.
Grub config was made with
grub-mkconfig -o /boot/grub/grub.cfg
Grub was installed with
grub-install --target=i386-pc --recheck /dev/sda
Last edited by shape (2014-07-21 15:23:05)
Welcome to the forum :-)
Please remember to mark the thread as solved https://bbs.archlinux.org/viewtopic.php?id=130309
When posting configs, code or command output, please use [ code ] tags, not [ quote ] tags https://bbs.archlinux.org/help.php#bbcode
like this
It makes the code more readable and - in case of longer listings - more convenient to scroll through. -
Splashy stopped working after update, whole computer freezes instead o
I updated with "pacman -Syu" yesterday, and when I started up my computer today (no restart yesterday) it freezes where everything should start loading.
I get the splash image I have chosen with splashy, but it doesn't load anything, it just stops there.
If I remove "quiet splash" from the kernel bootline everything works fine again, except that I don't have any boot splash.
I'm running x86_64 version of Arch on my laptop (Acer Aspire TimelineX 3820TG).
This is what pacman.log says got updated:
[2011-05-07 11:55] Running 'pacman -S network-manager-applet'
[2011-05-07 11:56] upgraded network-manager-applet (0.8.998-2 -> 0.8.999-1)
[2011-05-07 12:09] Running 'pacman -Syy'
[2011-05-07 12:09] synchronizing package lists
[2011-05-07 12:09] Running 'pacman -Syu'
[2011-05-07 12:09] synchronizing package lists
[2011-05-07 12:09] starting full system upgrade
[2011-05-07 12:12] upgraded binutils (2.21-6 -> 2.21-7)
[2011-05-07 12:12] upgraded run-parts (3.4.1-1 -> 3.4.4-1)
[2011-05-07 12:12] upgraded coreutils (8.11-1 -> 8.12-1)
[2011-05-07 12:12] Updating certificates. This might take a while...
[2011-05-07 12:12] upgraded ca-certificates (20090814+nmu2-1 -> 20110421-3)
[2011-05-07 12:12] upgraded dcron (4.4-2 -> 4.5-2)
[2011-05-07 12:12] upgraded gcc-libs (4.6.0-3 -> 4.6.0-4)
[2011-05-07 12:12] upgraded lib32-gcc-libs (4.6.0-3 -> 4.6.0-4)
[2011-05-07 12:12] upgraded nspluginwrapper (1.3.0-4 -> 1.3.2-1)
[2011-05-07 12:12] upgraded flashplugin (10.2.159.1-1 -> 10.2.159.1-2)
[2011-05-07 12:12] upgraded gcc (4.6.0-3 -> 4.6.0-4)
[2011-05-07 12:12] upgraded git (1.7.5-1 -> 1.7.5.1-1)
[2011-05-07 12:12] upgraded libtool (2.4-2 -> 2.4-3)
[2011-05-07 12:12] upgraded imagemagick (6.6.9.4-1 -> 6.6.9.8-1)
[2011-05-07 12:12] upgraded pciutils (3.1.7-3 -> 3.1.7-4)
[2011-05-07 12:12] upgraded udev (167-1 -> 167-2)
[2011-05-07 12:12] warning: /etc/rc.conf installed as /etc/rc.conf.pacnew
[2011-05-07 12:12] upgraded initscripts (2011.02.1-1 -> 2011.04.1-2)
[2011-05-07 12:12] warning: /etc/mkinitcpio.conf installed as /etc/mkinitcpio.conf.pacnew
[2011-05-07 12:12] upgraded mkinitcpio (0.6.8-2 -> 0.6.11-1)
[2011-05-07 12:12] >>> Updating module dependencies. Please wait ...
[2011-05-07 12:12] >>> MKINITCPIO SETUP
[2011-05-07 12:12] >>> ----------------
[2011-05-07 12:12] >>> If you use LVM2, Encrypted root or software RAID,
[2011-05-07 12:12] >>> Ensure you enable support in /etc/mkinitcpio.conf .
[2011-05-07 12:12] >>> More information about mkinitcpio setup can be found here:
[2011-05-07 12:12] >>> http://wiki.archlinux.org/index.php/Mkinitcpio
[2011-05-07 12:12]
[2011-05-07 12:12] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
[2011-05-07 12:12] ==> Building image "default"
[2011-05-07 12:12] ==> Running command: /sbin/mkinitcpio -k 2.6.38-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26.img
[2011-05-07 12:12] :: Begin build
[2011-05-07 12:12] :: Parsing hook [base]
[2011-05-07 12:12] :: Parsing hook [udev]
[2011-05-07 12:12] :: Parsing hook [autodetect]
[2011-05-07 12:12] :: Parsing hook [pata]
[2011-05-07 12:12] :: Parsing hook [scsi]
[2011-05-07 12:12] :: Parsing hook [sata]
[2011-05-07 12:12] :: Parsing hook [filesystems]
[2011-05-07 12:12] :: Parsing hook [splashy]
[2011-05-07 12:12] :: Generating module dependencies
[2011-05-07 12:12] :: Generating image '/boot/kernel26.img'...SUCCESS
[2011-05-07 12:12] ==> SUCCESS
[2011-05-07 12:12] ==> Building image "fallback"
[2011-05-07 12:12] ==> Running command: /sbin/mkinitcpio -k 2.6.38-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26-fallback.img -S autodetect
[2011-05-07 12:12] :: Begin build
[2011-05-07 12:12] :: Parsing hook [base]
[2011-05-07 12:12] :: Parsing hook [udev]
[2011-05-07 12:12] :: Parsing hook [pata]
[2011-05-07 12:12] :: Parsing hook [scsi]
[2011-05-07 12:13] :: Parsing hook [sata]
[2011-05-07 12:13] :: Parsing hook [filesystems]
[2011-05-07 12:13] :: Parsing hook [splashy]
[2011-05-07 12:13] :: Generating module dependencies
[2011-05-07 12:13] :: Generating image '/boot/kernel26-fallback.img'...SUCCESS
[2011-05-07 12:13] ==> SUCCESS
[2011-05-07 12:13] upgraded kernel26 (2.6.38.4-1 -> 2.6.38.5-1)
[2011-05-07 12:13] upgraded libgcrypt (1.4.6-2 -> 1.4.6-3)
[2011-05-07 12:13] upgraded libidn (1.19-1 -> 1.22-1)
[2011-05-07 12:13] upgraded libxcb (1.7-1 -> 1.7-2)
[2011-05-07 12:13] upgraded openssh (5.8p1-1 -> 5.8p2-1)
[2011-05-07 12:13] upgraded python2-cairo (1.8.10-1 -> 1.10.0-1)
[2011-05-07 12:13] upgraded qt (4.7.2-6 -> 4.7.3-1)
[2011-05-07 12:13] >>> The kernel-mode plugin has a new place.
[2011-05-07 12:13] >>> It's now located under /usr/lib/rp-pppoe/rp-pppoe.so
[2011-05-07 12:13] >>> Change LINUX_PLUGIN to the new path in your /etc/ppp/pppoe.conf
[2011-05-07 12:13] upgraded rp-pppoe (3.10-5 -> 3.10-6)
[2011-05-07 12:13] upgraded rxvt-unicode (9.10-1 -> 9.11-1)
[2011-05-07 12:13] upgraded sudo (1.8.1-1 -> 1.8.1.p1-1)
[2011-05-07 12:13] upgraded tzdata (2011e-1 -> 2011g-1)
[2011-05-07 12:13] upgraded usbutils (002-1 -> 002-2)
[2011-05-07 12:13] upgraded xfsprogs (3.1.4-1 -> 3.1.5-1)
Anyone who has any idea?
Moderator Edit: Changed 'quote' tags to 'code' tags (ewaller)
Last edited by ewaller (2011-06-08 15:43:58)
Same problem here, Splashy is broken, I had to go back with previous mkinitcpio to get it working again.
Progress bar is frozen, I have to go with CTRL+ALT+F7 to get to my login screen.
@ ennui : removing the hook in /etc/mkinitcpio.conf and the line SPLASH="splashy" in /etc/rc.conf, then running mkinitcpio -p kernel26 as root should do the job.
Last edited by whiterabbit (2011-05-31 12:39:11) -
Mkinitcpio prays there's no "splashy" hook (but splashy IS installed)
I just followed the wiki page for installing splashy, but there's something not working because it tells me this:
[root@LTS-Arch ltsmash]# mkinitcpio -p kernel26
==> Building image "default"
==> Running command: /sbin/mkinitcpio -k 2.6.23-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26.img
:: Begin build
:: Parsing hook [base]
:: Parsing hook [udev]
:: Parsing hook [autodetect]
:: Parsing hook [pata]
:: Parsing hook [scsi]
:: Parsing hook [sata]
:: Parsing hook [usbinput]
:: Parsing hook [keymap]
:: Parsing hook [filesystems]
FATAL: Hook 'splashy' can not be found.
==> FAIL
NOTE: Forget about this crap, I built the package but forgot to install it via pacman xD
(Apologies for butting in wiclee.)
The effect is usually caused by trouble with the Segoe UI fonts on your system. Unfortunately it's a bit trickier to deal with on Windows 7 systems than Vista or XP. (The "Vortical" instructions which can fix it for almost all folks on Vista and XP aren't applicable to Windows 7.)
Try having a look through the following (unfortunately very long) topic. It contains a lot of information on the Windows 7 variants of this, and possible methods for fixing the various Segoe UI-related issues that might be in play:
iTunes 10.1 Missing Text -
Hello there everyone, first time posting here.
So as for my question, I recently finished up my preferred install for arch but I have just one problem. Can't seem to get Udev working right.
Before I was using debian with the same Udev automount rules posted in the wiki actually. Then I tried the same ones migrating to arch but they don't seem to work. After searching for my netbook, getting the runaround, then searching for an alternative method and getting the same it's getting kind of annoying. So here I am.
I'm running Arch with LXDE and all default DE components(PCmanFM, openbox, etc). I don't have HAL installed, only udisks and udev as PnP support. Any help?
(Also in specific, I was using the second rule in the Udev wiki page. The one with LUKS support)
(Ah, never mind, it was just a tiny bit of a syntax error. A little bit more googling helped me find the answer)
Last edited by jjsullivan (2011-02-10 09:03:33)
v43 wrote:
i'll tell you anyway
my choice was autofs (+hal). no volume managers.
it works like a charm with thunar (and pcmanfm too).
It's nice that you told anyway, solved my problem -
[solved]How to unlock LUKS using keyfile on usbdrive during boot?
Hi all,
I would like some advice for booting encrypted partitions using keyfiles on a flashdrive. I'm setting up an Intel Atom based homeserver, and want my data to be encrypted in case the server gets stolen. To save some encryption overhead I prefer to leave root unencrypted and only encrypt /home, and if this works, later on /var, /tmp and swap as well. My plan is to have a keyfile on a flash thumbdrive, and only have the thumbdrive plugged in while booting.
I have read the dm-crypt wiki page, but it assumes an encrypted root, and this approach won't work in my situation, where only non-root mountpoints are encrypted. If I put 'ASK' in /etc/crypttab I get prompted for the passphrase and the LUKS container unlocks and mounts fine. I can also unlock the LUKS container manually using the keyfile that I created. However when I put the path to the keyfile in /etc/crypttab instead of 'ASK', and let the usbdrive automount using a udev rule the unlock at boot fails. It seems that my udev rule is only executed when I plug in a drive after booting, not when it is already plugged in during boot. How would I accomplish this? Mount it with fstab and automatically unmount it after booting, or some entirely different way?
my /etc/fstab:
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sda1 / ext4 defaults 0 1
/dev/sda2 swap swap defaults 0 0
/dev/mapper/home /home ext4 defaults 0 1
/etc/crypttab:
home /dev/sda3 /media/usbhd-sdc1/keyfiles/arch_server_-_home.key
/etc/udev/rules.d/01.usbdrive_automount.rules (sdb is a second, currently unused harddisk):
KERNEL=="sd[b-z]", NAME:="%k", SYMLINK+="usbhd-%k", GROUP:="users", OPTIONS="last_rule"
ACTION=="add", KERNEL=="sd[c-z][0-9]", SYMLINK+="usbhd-%k", GROUP:="users", NAME:="%k"
ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mkdir -p /media/usbhd-%k"
ACTION=="add", KERNEL=="sd[c-z][0-9]", PROGRAM=="/sbin/blkid -t %N", RESULT=="vfat", RUN+="/bin/mount -t vfat -o rw,noauto,flush,dirsync,noexec,nodev,noatime,dmask=000,fmask=111 /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mount -t auto -o rw,noauto,async,dirsync,noexec,nodev,noatime /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k"
ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/rmdir /media/usbhd-%k", OPTIONS="last_rule"
<edit>
Okay I have found a solution. The trick was to make sure the usbstick gets mounted first, so the keyfile is available for the unlocking/mounting during boot. To do so I have added 'usb' to the hooks line in /etc/mkinitcpio.conf and recompiled the initramfs as described in the wiki link above.
Next I changed my /etc/udev/rules.d/01.usbdrive_automount.rules a little so that the mountpoint of the usbdrive stays after unplugging it:
KERNEL=="sd[b-z]", NAME:="%k", SYMLINK+="usbhd-%k", GROUP:="users", OPTIONS="last_rule"
ACTION=="add", KERNEL=="sd[c-z][0-9]", SYMLINK+="usbhd-%k", GROUP:="users", NAME:="%k"
ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mkdir -p /media/usbhd-%k"
ACTION=="add", KERNEL=="sd[c-z][0-9]", PROGRAM=="/sbin/blkid -t %N", RESULT=="vfat", RUN+="/bin/mount -t vfat -o rw,noauto,flush,dirsync,noexec,nodev,noatime,dmask=000,fmask=111 /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mount -t auto -o rw,noauto,async,dirsync,noexec,nodev,noatime /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k", OPTIONS="last_rule"
#ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k"
#ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/rmdir /media/usbhd-%k", OPTIONS="last_rule"
/etc/fstab:
The usbdrive is put above the encrypted partition to make it get mounted first:
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sdc1 /media/usbhd-sdc1 ext2 defaults 0 0
/dev/sda1 / ext4 defaults 0 1
/dev/sda2 swap swap defaults 0 0
/dev/mapper/home /home ext4 defaults 0 1
/etc/crypttab:
home /dev/sda3 /media/usbhd-sdc1/keyfiles/arch_server_-_luks.key
So now I plug in the flashdrive, turn on the server, unplug the flashdrive and udev automatically unmounts the flashdrive while leaving the mountpoint /media/usbhd-sdc1 for the next boot.
</edit>
Last edited by rwd (2009-12-04 19:36:14)
graysky wrote:@ratcheer - You can try now if it's a major pain in the balls by enabling [testing] and using the updated linux package.
If you do enable testing make sure you aren't like myself: I'm not competent enough to enable testing..
Edit:
To elaborate a bit. If you enable testing and then just do a "pacman -Syu" then you are going to pull in all sorts of packages you may not want and it may be complicated to get rid of later. To avoid this I would enable testing, do this:
sudo pacman -Syy
sudo pacman -S testing/linux
So it would pull in the absolute minimum that I wanted from testing. Then I would disable the testing repository and pacman -Syy again. That would convert the new linux package and packages it requires to manual packages. E.g. they would be shown under "pacman -Qm"
Because once you start pulling packages in from testing it is almost a one-way street. As I instructed above, that is my gross understanding. I don't use testing at all, it is supposed to be used if you are actively testing Arch and providing feedback while doing so.
Last edited by headkase (2012-10-03 01:51:51) -
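An added example, not part of rwd's post or of any Arch tool: a small audit for the keyfile setup in the "[solved]How to unlock LUKS using keyfile on usbdrive during boot?" thread above. It reads a crypttab-style file and reports every key file whose mode lets anyone other than the owner access it; the entries, device names and temporary paths in demo() are constructed.

```shell
#!/bin/sh
# Added example: audit the key files named in a crypttab-style file.
# Line format, as in the post: <name> <device> <keyfile> [options]
# Run with the argument "demo" to try it on the constructed sample.

# Prints "<name> <keyfile> <STATUS>" per key file; returns 1 if any is EXPOSED.
audit_crypttab() {
    tab=$1
    rc=0
    while read -r name device key _opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac   # blank line or comment
        case $key in /*) ;; *) continue ;; esac   # ASK, none, ...: not a file path
        if [ ! -e "$key" ]; then
            echo "$name $key MISSING"             # e.g. the stick is not plugged in
            continue
        fi
        [ -f "$key" ] || continue                 # device node, not a key file
        # GNU stat, octal permission bits, padded to at least three digits.
        mode=$(printf '%03d' "$(stat -c '%a' "$key")")
        # The last two digits are group and other; any bit set there means
        # someone besides the owner can read or change the key.
        case $mode in
            *00) echo "$name $key OK mode=$mode" ;;
            *)   echo "$name $key EXPOSED mode=$mode"; rc=1 ;;
        esac
    done < "$tab"
    return $rc
}

# Constructed sample: one key at 0600, one at 0666 (what fmask=111 on a vfat
# mount produces), one ASK entry and one key file that is absent.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/good.key"; chmod 600 "$d/good.key"
    : > "$d/vfat.key"; chmod 666 "$d/vfat.key"
    cat > "$d/crypttab" <<EOF
# constructed sample, same layout as the post
home /dev/sda3 $d/vfat.key
var  /dev/sda5 $d/good.key
tmp  /dev/sda6 ASK
swap /dev/sda2 $d/absent.key
EOF
    audit_crypttab "$d/crypttab"
    status=$?
    rm -rf "$d"
    return $status
}

if [ "${1:-}" = demo ]; then demo; fi
```

On vfat the reported mode comes from the mount options rather than from chmod, so the rule's dmask=000,fmask=111 makes every file on the stick 0666; fmask=177,dmask=077 yields 0600 files in 0700 directories.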
[Solved] Silent LUKS boot
[Synopsis] Create a hook as shown below to silence the kernel.
I'd like to have a truly silent boot as in the Wiki but it only seems to address the login prompt.
I would also like to get rid of the (USB) boot messages pollution of the LUKS password prompt for my encrypted root. Is there some configuration of the initramfs required to accomplish this? If so, what exactly would that be?
I should add that I boot the STUB EFI kernel so there's no bootloader as such.
Last edited by KairiTech (2013-12-14 01:27:52)
I created the hook shown below to silence the kernel and now the LUKS prompt is clean.
/usr/lib/initcpio/hooks/hushkernel
#!/usr/bin/ash
# https://bbs.archlinux.org/viewtopic.php?pid=1312342#p1312342
run_hook() {
    # http://unix.stackexchange.com/questions/44999/how-can-i-hide-messages-of-udev/45525#45525
    # The four values in printk denote: console_loglevel, default_message_loglevel, minimum_console_loglevel and default_console_loglevel respectively.
    # These values influence printk() behavior when printing or logging error messages. See 'man 2 syslog' for more info on the different loglevels.
    # • console_loglevel: messages with a higher priority than this will be printed to the console
    # • default_message_level: messages without an explicit priority will be printed with this priority
    # • minimum_console_loglevel: minimum (highest) value to which console_loglevel can be set
    # • default_console_loglevel: default value for console_loglevel
    #define KERN_EMERG "<0>" /* system is unusable */
    #define KERN_ALERT "<1>" /* action must be taken immediately */
    #define KERN_CRIT "<2>" /* critical conditions */
    #define KERN_ERR "<3>" /* error conditions */
    #define KERN_WARNING "<4>" /* warning conditions */
    #define KERN_NOTICE "<5>" /* normal but significant condition */
    #define KERN_INFO "<6>" /* informational */
    #define KERN_DEBUG "<7>" /* debug-level messages */
    echo "3 3 3 3" > /proc/sys/kernel/printk
}
/usr/lib/initcpio/install/hushkernel
#!/bin/ash
build() {
    add_runscript
}
help() {
    cat <<HELPEOF
This hook will suppress kernel messages during the boot LUKS password prompt
HELPEOF
}
-
Hello guys,
what's the right way to have access to removable devices such as usb devices since udev seems not to work in the way I was used to as it is written in the wiki down here?
I'm using dwm with simply coreutils in xterm and for some cases vifm as a term-based filemanager. So there's no way to do it with hal and a gui-based filemanager.
So my question, is udev still the right thing to handle this task or are there any other perhaps better solutions?
Best regards.
Last edited by orschiro (2010-01-25 23:14:27)
I guess the warning in the wiki is due to mkinitcpio 0.6 which will remove all the klibc-* stuff. Basically, you have to replace /.../vol_id with /sbin/blkid.
For example, my updated udev file (mount to /media, use label if available, luks support) looks like this now:
KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"
# Open luks partition if necessary
PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"
ENV{crypto}!="?*", ENV{device}="%N"
ACTION=="add", ENV{crypto}=="?*", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /usr/sbin/cryptsetup luksOpen %N %k'"
ACTION=="add", ENV{crypto}=="?*", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"
# Global mount options
ACTION=="add", ENV{mount_options}="noatime,users"
# Filesystem specific options
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"
# Get label
ACTION=="add", PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"
# use basename to correctly handle labels such as ../mnt/foo
ACTION=="add", PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"
ACTION=="add", ENV{dir_name}!="?*", ENV{dir_name}="usbhd-%k"
ACTION=="add", ENV{dir_name}=="?*", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"
ACTION=="remove", ENV{dir_name}=="?*", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"
ACTION=="remove", ENV{crypto}=="?*", RUN+="/usr/sbin/cryptsetup luksClose %k"
LABEL="media_by_label_auto_mount_end"
However, I'm not sure if I should use blkid's cache or not (-p flag)...
edit:
Changelog
20100303
removed blkid's -p flag as it makes blkid always return the return code 0 even if there is no filesystem on that specific device / partition.
20100205
updated rules set. see http://bbs.archlinux.org/viewtopic.php? … 73#p702773
Last edited by xduugu (2010-03-03 10:07:00)
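An added example, not xduugu's code: the rule set above builds the mount directory from the filesystem label, which is whatever the person who formatted the device chose. The helper below goes further than the basename step and reduces a label to a safe directory name, falling back to the rule's usbhd-%k naming; the function names, and the idea of calling such a helper from the rule's PROGRAM key, are assumptions.

```shell
#!/bin/sh
# Added example: derive a mount directory name from an untrusted filesystem label.

# usage: safe_mount_name <label> <kernel-name>
safe_mount_name() {
    label=$1
    kname=$2
    name=
    if [ -n "$label" ]; then
        # Last path component only, as the rule's basename call does.
        name=$(basename -- "$label")
    fi
    # Replace everything outside a conservative set, so the name cannot
    # contain quotes, spaces, slashes or shell metacharacters.
    name=$(printf '%s' "$name" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_')
    # Drop leading dots and dashes: rules out ".", ".." and option-like names.
    while :; do
        case $name in
            [.-]*) name=${name#?} ;;
            *) break ;;
        esac
    done
    # Nothing usable left: use the kernel name, like the rule's usbhd-%k.
    [ -n "$name" ] || name="usbhd-$kname"
    printf '%s\n' "$name"
}

# usage: pick_mount_dir <base-dir> <label> <kernel-name>
# Prints the full mount point; never reuses a directory that already exists,
# so two devices with the same label do not end up on the same path.
pick_mount_dir() {
    base=$1
    dir=$(safe_mount_name "$2" "$3")
    if [ -e "$base/$dir" ]; then
        dir="$dir-$3"
    fi
    printf '%s/%s\n' "$base" "$dir"
}

# Constructed sample labels, printed as "<label> -> <mount point>".
for l in '../mnt/foo' '..' "it's mine" '-rf' ''; do
    printf '%s -> %s\n' "$l" "$(pick_mount_dir /media "$l" sdc1)"
done
```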