Stuff that has not yet gone into the official build.
Post a reply

Re: (experimental) Alternative usb installation method

Mon Mar 11, 2013 6:43 pm

I'll take a look at the patch. It might be worth doing that. Right now, if you want to make an encrypted, rw home, you have to drop to console, log in as root, and run another script. And if you want to use the uuid number for lukshome in cmdline, you have to plug the stick into a running system to edit the boot menu

The lukshome hook is now redundant for me. It was only ever done because luks persistence did not work before 4.0~a7. Proper LUKS persistence is simpler and more flexible.

The patch I use supports full- and home-persistence partitions and/or files (luks or not) as well as optional RW mount. The entire /lib/live/ in the initrd is replaced with that from 4.0~a7 (with one file modified) so should work also for older versions. The alt initrd generated can be placed with the original in the /live directory and one or more extra menu entry made for it.

BTW 4.0~a7 just disappeared from experimental. An initrd made from the new version fails with kernel panic here, patched or not.

Re: (experimental) Alternative usb installation method

Tue Mar 12, 2013 3:30 am

If refracta2usb will be focused on simplicity, some observations and suggestions.

There are very many possible advanced operations, e.g LUKS. If wanted, they might be better dealt with in sub- or entirely separate scripts. Or done manually. Then nothing much is likely to break the main script.

There is also no need to include the "syslinux" directory, /isolinux can be simply edited (menu structures are not different) after copying the entire image something like this:

Code:
rsync -av  "$image_mountpoint"/ "$usb_mountpoint"

mv $usb_mountpoint/isolinux $usb_mountpoint/syslinux

# no need to rename isolinux.bin.. syslinux doesn't use it

mv $usb_mountpoint/syslinux/isolinux.cfg $usb_mountpoint/syslinux/syslinux.cfg

for i in $(ls $usb_mountpoint/syslinux|grep .cfg); do

# it's only 3 files

sed -i "s:isolinux:syslinux:"g $usb_mountpoint/syslinux/$i

done


Another advantage: script will then probably work for other Debian-live images

OT.. Worth noting for anyone who has no need of FAT filesystems (used for data-transfer compatibility with lesser OS's): much the same principles appy to extlinux as isolinux/syslinux.

Re: (experimental) Alternative usb installation method

Tue Mar 12, 2013 5:39 pm

Been playing with this script today. I added some code to the replace_live function so that it would save /live/boot from my grub-booted live-usb and copy it back after replacing the /live folder. That way I can use the script to change images easily. It works.

I changed the script to copy and rename isolinux to syslinux, and that works, too. Edit: When I plugged in the stick afterward to edit the boot menu, all the files in /syslinux were read-only.

Tried starting a second script as root from within refracta2usb, and that works. So it's possible to create the encrypted partition before rebooting into the live-usb. There are two hurdles here. One is to copy the "boot with hooks" entry into the boot menu. That one shouldn't be too difficult - might go with letting you open the file with a text editor from within the script and letting you paste in a sample entry. The other is to copy /home/user to the encrypted filesystem when /home/user is inside filesystem.squashfs. I don't really want to get into unsquashing.

Re: (experimental) Alternative usb installation method

Tue Mar 12, 2013 6:54 pm

When I plugged in the stick afterward to edit the boot menu, all the files in /syslinux were read-only

That's interesting to know.. but for sure everything in an an iso's mountpoint must be RO.. and if rsync is used probably stays that way.. chmod after copy?

I don't really want to get into unsquashing

Root can mount a squashfs from inside a "normally" mounted iso but it seems not if the iso is fuse-mounted. If you're working as root anyway fuseiso is not needed. There might be a similar RO issue to sort if rsync is used.

Re: (experimental) Alternative usb installation method

Tue Mar 12, 2013 11:08 pm

Well I just happen to have a mounted iso, so I mounted the squash. Easy. No special options needed. Stuff in user's home is rw. This can work. I have to pass $DEVICE from the first script to the second, but I already figured that out. Mount the first partition, mount the squash, rsync user's home. All the cryptsetup stuff that happens in the middle is already done (lifted from the installer).

Below is the function that renames all the isolinux stuff. I'm looking at it, wondering where I'll put the chmod, and it occurs to me that I shouldn't be able to rename isolinux.cfg if it's ro. But they did get renamed. Weird. Will have to do this a few more times.

I wanted to save my old syslinux folder, because it has some custom stuff in it. If you try to 'mv isolinux syslinux' when there's already a syslinux folder, mv complains. So /syslinux gets deleted if it's not the original one. That behavior will probably change in the final version, and I might end up making a config file to control a few things like this. Oh yeah, note the trimmed for-loop.
Code:
# Rename isolinux to syslinux
isolinux2syslinux () {
if [[ -d $usb_mountpoint/syslinux.old ]] ; then
   rm -rf $usb_mountpoint/syslinux
else
   mv $usb_mountpoint/syslinux $usb_mountpoint/syslinux.old
fi

   mv $usb_mountpoint/isolinux $usb_mountpoint/syslinux
   # no need to rename isolinux.bin.. syslinux doesn't use it
   mv $usb_mountpoint/syslinux/isolinux.cfg $usb_mountpoint/syslinux/syslinux.cfg

   for i in $usb_mountpoint/syslinux/*.cfg ; do
      sed -i "s:isolinux:syslinux:"g "$i"
   done
}

Re: (experimental) Alternative usb installation method

Wed Mar 13, 2013 1:35 pm

chmod can be done within rsync, e.g:

Code:
rsync -av --chmod=+w "$image_mountpoint"/ "$usb_mountpoint"

Re: (experimental) Alternative usb installation method

Thu Mar 14, 2013 4:22 pm

Been working on mkusbcrypt, gui version, copy home from mounted iso. It works. Had some trouble with the detect function until I upgraded yad from 17 to 19. Here's the current working version. There's code in it to make the gui and non-gui versions a single script, but the cli stuff is disabled (functions just don't get called yet.)

https://gist.github.com/fsmithred/5162737

Re: (experimental) Alternative usb installation method

Thu Mar 14, 2013 9:37 pm

I'm getting on well with real LUKS home persistence. No need to copy in /home/user because only a persistence.conf is required to begin, then only the changes from default get (automatically) written

But I will test this anyway.. it could be also adapted to set up actual LUKS persistence.

Not sure how you meant the script to be called. I'm guessing <su-to-root -X -c 'xterm -e /path/to/mkusbcrypt'> or using sux, if installed. Unless it's only meant to be a subscript of another.

The "detect" function didn't work right because $ubsdevfulllist is set in lowercase but in the function, called in upper. It does now.

More later..

Re: RO permissions: File permissions in linux for FAT should be set only by the mount options, chmod isn't meant to work but in practice it does for -w or +w. I don't know why that is. I tested rsync with --chmod=+w and it works. Using pmount at least.

Code:
~$ cat /proc/mounts
#(snip)
/dev/sdb1 /media/sdb1 vfat rw,nosuid,nodev,noexec,relatime,uid=1000,gid=1000,fmask=0177,dmask=0077,codepage=cp437,iocharset=iso8859-1,shortname=mixed,quiet,utf8,errors=remount-ro 0 0


cp -r transfers them as RW but I had problems before using mkdir and cp, with wrong-case directory names which live-boot puked on.

Re: (experimental) Alternative usb installation method

Thu Mar 14, 2013 10:57 pm

Oh, I didn't even notice that it wasn't listing the name of the device. It still works - but you have to know which drive you're picking. (/dev/sde in this case, and it's the only usb drive plugged in.)

I added the chmod to the isolinux2syslinux function, right before the mv command, so it would only affect the isolinux directory and files. Did a run through today with both scripts, starting from scratch (almost) with an empty vfat and empty ext2. It worked beautifully. I still need to add some code to put the 'use hooks' entry in the menu, but I've got that mostly figured out.

Have you heard any talk of newer versions of live-* packages moving into wheezy?

Re: (experimental) Alternative usb installation method

Thu Mar 14, 2013 11:53 pm

Have you heard any talk of newer versions of live-* packages moving into wheezy?

live-boot 3.0.1-1 (live-config 3.0.21-1) .. same as sid at the moment. Need => 4.0~a7 for luks persist
Post a reply