Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
There's another use case here too, in cases where I want to use my own LUKS parameters - that the installer doesn't expose. Perhaps I want --type=luks1, maybe I want a different --iter-time, etc. Actually, if the installer (in expert mode) let us pass arbitrary arguments for cryptsetup this would close up this use case.
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
On 07/09/2019 21:25, Ben Hutchings wrote: What makes you think the installer is intended to be used for upgrades? Ben. Not for upgrading an existing OS installation but it should be usable for a fresh OS install while preserving user data. That is an important goal in having a separate /home partition. I do realise that in such a scenario the configuration files in user's home directories may need some manual attention. -marko
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
On Sat, 2019-09-07 at 13:48 +0300, M Santala wrote: [...] > This bug has persisted for a long time and it bites long-term Debian > users who are upgrading their systems, causing loss of time and > data. This makes upgrade a challenge and encourages to keep obsolete > systems in operation. What makes you think the installer is intended to be used for upgrades? Ben. -- Ben Hutchings The most exhausting thing in life is being insincere. - Anne Morrow Lindberg signature.asc Description: This is a digitally signed message part
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
Package: partman-crypto Followup-For: Bug #451535 Dear Maintainer, * What led up to the situation? Trying to do a fresh Buster installation using "Expert install" on an old computer with encrypted LVM volumes, with the aim of not formatting the volumes. I was using ISO image debian-10.0.0-amd64-DVD-1.iso on a MicroSD card. * What exactly did you do (or not do) that was effective (or ineffective)? The encrypted partition was not recognized initially at all, however, the embedded LVM volumes were recognised after manually opening the LUKS wrapper (along the lines in Message #90). NB. A boot into Rescue mode recognizes and opens the encrypted volume correctly. * What was the outcome of this action? The installer does not recognize the existing filesystems on LVM volumes (unlike the Rescue mode). Proceeding with installation results in formatting of the selected volumes and data loss. This may be mitigated by selecting only a root volume at installation stage and manually reconfiguring the other filesystems later. * What outcome did you expect instead? The existing filesystems should be recognized and formatting should be optional, just as it is with pre-existing native disk volumes. [Does this work with unencrypted LVM?] This bug has persisted for a long time and it bites long-term Debian users who are upgrading their systems, causing loss of time and data. This makes upgrade a challenge and encourages to keep obsolete systems in operation. -marko -- System Information (the affected computer): Debian Release: Wheezy Architecture: amd64 (x86_64)
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
On Mon, 2017-05-15 at 17:37 -0300, Kolmar Kafran wrote: > On Mon, 15 May 2017 21:26:28 +0100 Ben Hutchings> wrote: > > > It is in the nature of an installer that it is capable of > > overwriting > > existing data. Based on your instructions, I think the installer > > already makes it quite clear what's going to happen. > > The documentation defines that: > > > The severity levels are: > > critical > > makes unrelated software on the system (or the whole system) > > break, or causes serious data loss, or introduces a security hole > > on systems where you install the package. > > Since it is not possible to advance with the installation without > formating the partition, based on the severity levels definition, I > think this should be marked as critical. You always have the option to do nothing. Ben. -- Ben Hutchings Humour is the best antidote to reality. signature.asc Description: This is a digitally signed message part
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, 15 May 2017 21:26:28 +0100 Ben Hutchingswrote: > It is in the nature of an installer that it is capable of overwriting > existing data. Based on your instructions, I think the installer > already makes it quite clear what's going to happen. The documentation defines that: > The severity levels are: > critical > makes unrelated software on the system (or the whole system) break, or > causes serious data loss, or introduces a security hole on systems where you > install the package. Since it is not possible to advance with the installation without formating the partition, based on the severity levels definition, I think this should be marked as critical. Att, Kolmar Kafran. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZGhExAAoJEKrvtn5ZdulsTFwH/0HjMqYXNCefMnI4JHB9iBnC JsMIRXz0760rfNYYC/KvsrO/YXOdvbUEkJc7XtxVgQkJFft7ZRh/HhZb86kVfmGe PyY4N1lWXMmT0b4DpkzgoTTNYKp23ywFIIY0SRqR4qi+BbiWyE9F95dulWYDn2ST DP1htn7CBiYuMd+CIAsSWdw4qD0ADCYqEOmjHNwozte017ZoJlXm395ffj+EEgW+ Cgp9zcpBNrfeg65gxDs5WoTz55x9o22+C9eNa8aE8gEGuzWzQH7C9GWHrHx/VLzH t4R9elqx9zsuaaSKWVYX+2RDeVcfNZ76i+vTkFLlPzFxHN6pq7+LiocnOHxQKJ8= =WsQa -END PGP SIGNATURE-
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
On Mon, 2017-05-15 at 17:20 -0300, Kolmar Kafran wrote: > severity: critical > > I would like to say this bug still persist on Debian Stretch. > > I suggest this bug to be marked as 'critical', since this could lead to > data loss. [...] It is in the nature of an installer that it is capable of overwriting existing data. Based on your instructions, I think the installer already makes it quite clear what's going to happen. Ben. -- Ben Hutchings Humour is the best antidote to reality. signature.asc Description: This is a digitally signed message part
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
severity: critical -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I would like to say this bug still persist on Debian Stretch. I suggest this bug to be marked as 'critical', since this could lead to data loss. The debian installer doesn't recognize a previous encrypted volume (Tested with netinstall.iso). The critical is that even with workaround to recognize the partitions on encrypted volume the installer only advances on formating these partitions causing data-loss. This is a long time bug and I think this could be fixed in time for Stretch release. I don't know if the Ubuntu installer is the same but this bug doesn't exists on Ubuntu. How to achieve the bug: Step 1: On "Partition disk" go to "Configure encrypted volumes" https://www.dropbox.com/s/xvsa2d6l4k925oz/step1.png Step 2: Select "Create encrypted volume". This will make anna install the necessary packages to work with encryption. P.s.: on Ubuntu, this step shows an option to setup an existing encrypted volume. https://www.dropbox.com/s/hii5g0uvewb3djq/step2.png Step 3: Go back. https://www.dropbox.com/s/ckzb2r4pgirufum/step3.png Step 4: Do NOT save changes to disk. https://www.dropbox.com/s/1s5r2h8x1rfi419/step4.png Step 5: Go back. Open a shell. Open luks volume. Activate volume group. Exit. https://www.dropbox.com/s/658k4bqe5vzdpf1/step5.png Step 6: Detect disks. LVM partitions are now seen. https://www.dropbox.com/s/6fdxpoqmef4htz6/step6.png Step 7 (This is the critical bug): Choosing any LVM partition and selecting to use as the previous format system leads to "re-format" the partition. This step should ask if you want to keep the existing file system. This could lead to /home data loss. On Ubuntu you can choose to not format the partition at this stage. https://www.dropbox.com/s/qmjiuv1enicg49b/step7.png I hope this help to solve this annoying problem. Today its impossible to install Debian on an already encrypted system without data loss. Cheers, Kolmar Kafran. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZGg0ZAAoJEKrvtn5Zdulsjt4H/1Jvn4HQBqIs1mvFCCiOfGZ5 eF4/BcofxebKICqInrsqeAJSnje1iOQMvpzMKit5tysLpBF3tV01bjVzrt78m874 NwiSqwzEhFHssPJxEztmOnH2GukdRS3D/w0U1CmnG/cxF5pbDq2ufcA9a+1kJ+/L KyebYmP7qLuDYkY0k5ZBzfdPcblkje8voSGEr02AbHxDj6N2Aq6klHSluu/thSSo +2z5QQq6vE379S0XOETvri2Z9k9rfwOr8jFyI75NhpytWW9++6mmiy56I/RmrmA6 sCUarD3JCMyqOcTZdxcG3Vu/xRjZt+tFd3+MEGE+/79T9Z6hPOhR+0pfZuZIzfE= =qzKR -END PGP SIGNATURE- Kolmar Kafran http://kafran.net http://twitter.com/doutorchefe ü Por favor, considere a proteção ao meio ambiente antes de imprimir esse e-mail.
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
BUMP again. This is really annoying bug which disallow installing Debian on pre-formatted disks/partitions. Any progress? Was Colin Watson proposed patch accepted? Or what is current state of it? -- Pali Rohár pali.ro...@gmail.com signature.asc Description: This is a digitally signed message part.
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
reassign 451535 partman-crypto severity 451535 wishlist thanks On Friday 16 November 2007, Yaroslav Halchenko wrote: I had first installed i386 system with encrypted /home and swap. Then I decided to install also amd64 build -- reusing both encrypted partitions. Although I checked out smth like 'delete data' in the encryption setup menu, which I treated as 'preserve/dont touch', it did reinitialize them and I had to recreate filesystems on top. It is actually possible to reuse existing encrypted LVM volumes by following the procedure documented on [1] just before starting the partitioner. Well, almost. I did have one strange issue with that procedure though: after crypto and LVM had been activated, partman did not recognize the existing file systems on the logical volumes even though they could be mounted. And even though the partman log _does_ indicate that the partition was recognized. However, I completely agree that it should be possible to do this in a simpler way. Reassigning your suggestion to the appropriate component. Maybe we should have a general option Detect existing encrypted and/or logical volumes on the partman main screen. Cheers, FJP [1] http://wiki.debian.org/DebianInstaller/Rescue/Crypto -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
clone 451535 -1 reassign -1 partman-lvm severity -1 normal thanks On Monday 19 November 2007, Frans Pop wrote: I did have one strange issue with that procedure though: after crypto and LVM had been activated, partman did not recognize the existing file systems on the logical volumes even though they could be mounted. And even though the partman log _does_ indicate that the partition was recognized. This seems to be an issue in init.d/50lvm from partman-lvm. That script will basically always create a new loop label on a logical volume and create a single partition. This is not really necessary if the LV already has a partition and prevents existing partitions from being detected. Cloning to partman-lvm for this issue. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#451535: debian-installer: allow to 'reuse' encrypted volumes
Package: debian-installer Version: 20070308 Severity: normal I had first installed i386 system with encrypted /home and swap. Then I decided to install also amd64 build -- reusing both encrypted partitions. Although I checked out smth like 'delete data' in the encryption setup menu, which I treated as 'preserve/dont touch', it did reinitialize them and I had to recreate filesystems on top. So I think 'Delete data' must be named 'Wipe out data', and another item in the menu should be 'Reuse' or 'Keep existing encrypted volume' Thanks in advance! -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (990, 'unstable'), (900, 'testing'), (300, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]