Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[draeath]

There's another use case here too, in cases where I want to use my own LUKS
parameters - that the installer doesn't expose. Perhaps I want
--type=luks1, maybe I want a different --iter-time, etc. Actually, if the
installer (in expert mode) let us pass arbitrary arguments for cryptsetup
this would close up this use case.

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[markoadsl2]

On 07/09/2019 21:25, Ben Hutchings wrote:


What makes you think the installer is intended to be used for upgrades?

Ben.

Not for upgrading an existing OS installation but it should be usable 
for a fresh OS install while preserving user data. That is an important 
goal in having a separate /home partition.


I do realise that in such a scenario the configuration files in user's 
home directories may need some manual attention.



-marko

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Ben Hutchings]

On Sat, 2019-09-07 at 13:48 +0300, M Santala wrote:
[...]
> This bug has persisted for a long time and it bites long-term Debian
> users who are upgrading their systems, causing loss of time and
> data. This makes upgrade a challenge and encourages to keep obsolete
> systems in operation.

What makes you think the installer is intended to be used for upgrades?

Ben.

-- 
Ben Hutchings
The most exhausting thing in life is being insincere.
 - Anne Morrow Lindberg




signature.asc
Description: This is a digitally signed message part

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[M Santala]

Package: partman-crypto
Followup-For: Bug #451535

Dear Maintainer,

   * What led up to the situation?

Trying to do a fresh Buster installation using "Expert install" on an
old computer with encrypted LVM volumes, with the aim of not
formatting the volumes. I was using ISO image
debian-10.0.0-amd64-DVD-1.iso on a MicroSD card.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

The encrypted partition was not recognized initially at all, however,
the embedded LVM volumes were recognised after manually opening the LUKS
wrapper (along the lines in Message #90).

NB. A boot into Rescue mode recognizes and opens the encrypted volume
correctly.

   * What was the outcome of this action?
   
The installer does not recognize the existing filesystems on LVM
volumes (unlike the Rescue mode). Proceeding with installation results
in formatting of the selected volumes and data loss.

This may be mitigated by selecting only a root volume at installation
stage and manually reconfiguring the other filesystems later.

   * What outcome did you expect instead?

The existing filesystems should be recognized and formatting should be
optional, just as it is with pre-existing native disk volumes.
[Does this work with unencrypted LVM?]

This bug has persisted for a long time and it bites long-term Debian
users who are upgrading their systems, causing loss of time and
data. This makes upgrade a challenge and encourages to keep obsolete
systems in operation.


-marko

-- System Information (the affected computer):
Debian Release: Wheezy
Architecture: amd64 (x86_64)

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Ben Hutchings]

On Mon, 2017-05-15 at 17:37 -0300, Kolmar Kafran wrote:
> On Mon, 15 May 2017 21:26:28 +0100 Ben Hutchings  > wrote:
> 
> > It is in the nature of an installer that it is capable of
> > overwriting
> > existing data.  Based on your instructions, I think the installer
> > already makes it quite clear what's going to happen.
> 
> The documentation defines that:
> 
> > The severity levels are:
> > critical
> > makes unrelated software on the system (or the whole system)
> > break, or causes serious data loss, or introduces a security hole
> > on systems where you install the package.
> 
> Since it is not possible to advance with the installation without
> formating the partition, based on the severity levels definition, I
> think this should be marked as critical.

You always have the option to do nothing.

Ben.

-- 
Ben Hutchings
Humour is the best antidote to reality.



signature.asc
Description: This is a digitally signed message part

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Kolmar Kafran]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, 15 May 2017 21:26:28 +0100 Ben Hutchings  wrote:

> It is in the nature of an installer that it is capable of overwriting
> existing data.  Based on your instructions, I think the installer
> already makes it quite clear what's going to happen.

The documentation defines that:

> The severity levels are:
> critical
> makes unrelated software on the system (or the whole system) break, or 
> causes serious data loss, or introduces a security hole on systems where you 
> install the package.

Since it is not possible to advance with the installation without
formating the partition, based on the severity levels definition, I
think this should be marked as critical.

Att,

Kolmar Kafran.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJZGhExAAoJEKrvtn5ZdulsTFwH/0HjMqYXNCefMnI4JHB9iBnC
JsMIRXz0760rfNYYC/KvsrO/YXOdvbUEkJc7XtxVgQkJFft7ZRh/HhZb86kVfmGe
PyY4N1lWXMmT0b4DpkzgoTTNYKp23ywFIIY0SRqR4qi+BbiWyE9F95dulWYDn2ST
DP1htn7CBiYuMd+CIAsSWdw4qD0ADCYqEOmjHNwozte017ZoJlXm395ffj+EEgW+
Cgp9zcpBNrfeg65gxDs5WoTz55x9o22+C9eNa8aE8gEGuzWzQH7C9GWHrHx/VLzH
t4R9elqx9zsuaaSKWVYX+2RDeVcfNZ76i+vTkFLlPzFxHN6pq7+LiocnOHxQKJ8=
=WsQa
-END PGP SIGNATURE-

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Ben Hutchings]

On Mon, 2017-05-15 at 17:20 -0300, Kolmar Kafran wrote:
> severity: critical
> 
> I would like to say this bug still persist on Debian Stretch.
> 
> I suggest this bug to be marked as 'critical', since this could lead to
> data loss.
[...]

It is in the nature of an installer that it is capable of overwriting
existing data.  Based on your instructions, I think the installer
already makes it quite clear what's going to happen.

Ben.

-- 
Ben Hutchings
Humour is the best antidote to reality.



signature.asc
Description: This is a digitally signed message part

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Kolmar Kafran]

severity: critical

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I would like to say this bug still persist on Debian Stretch.

I suggest this bug to be marked as 'critical', since this could lead to
data loss.

The debian installer doesn't recognize a previous encrypted volume (Tested
with netinstall.iso). The critical is that even with workaround to
recognize the partitions on encrypted volume the installer only advances on
formating these partitions causing data-loss.

This is a long time bug and I think this could be fixed in time for Stretch
release. I don't know if the Ubuntu installer is the same but this bug
doesn't exists on Ubuntu.

How to achieve the bug:

Step 1:
On "Partition disk" go to "Configure encrypted volumes"
https://www.dropbox.com/s/xvsa2d6l4k925oz/step1.png

Step 2:
Select "Create encrypted volume". This will make anna install the necessary
packages to work with encryption.
P.s.: on Ubuntu, this step shows an option to setup an existing encrypted
volume.
https://www.dropbox.com/s/hii5g0uvewb3djq/step2.png

Step 3:
Go back.
https://www.dropbox.com/s/ckzb2r4pgirufum/step3.png

Step 4:
Do NOT save changes to disk.
https://www.dropbox.com/s/1s5r2h8x1rfi419/step4.png

Step 5:
Go back. Open a shell. Open luks volume. Activate volume group. Exit.
https://www.dropbox.com/s/658k4bqe5vzdpf1/step5.png

Step 6:
Detect disks. LVM partitions are now seen.
https://www.dropbox.com/s/6fdxpoqmef4htz6/step6.png

Step 7 (This is the critical bug):
Choosing any LVM partition and selecting to use as the previous format
system leads to "re-format" the partition. This step should ask if you want
to keep the existing file system. This could lead to /home data loss.
On Ubuntu you can choose to not format the partition at this stage.
https://www.dropbox.com/s/qmjiuv1enicg49b/step7.png

I hope this help to solve this annoying problem. Today its impossible to
install Debian on an already encrypted system without data loss.

Cheers,

Kolmar Kafran.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJZGg0ZAAoJEKrvtn5Zdulsjt4H/1Jvn4HQBqIs1mvFCCiOfGZ5
eF4/BcofxebKICqInrsqeAJSnje1iOQMvpzMKit5tysLpBF3tV01bjVzrt78m874
NwiSqwzEhFHssPJxEztmOnH2GukdRS3D/w0U1CmnG/cxF5pbDq2ufcA9a+1kJ+/L
KyebYmP7qLuDYkY0k5ZBzfdPcblkje8voSGEr02AbHxDj6N2Aq6klHSluu/thSSo
+2z5QQq6vE379S0XOETvri2Z9k9rfwOr8jFyI75NhpytWW9++6mmiy56I/RmrmA6
sCUarD3JCMyqOcTZdxcG3Vu/xRjZt+tFd3+MEGE+/79T9Z6hPOhR+0pfZuZIzfE=
=qzKR
-END PGP SIGNATURE-

Kolmar Kafran

http://kafran.net
http://twitter.com/doutorchefe


ü Por favor, considere a proteção ao meio ambiente antes de imprimir esse
e-mail.

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Pali Rohár]

BUMP again. This is really annoying bug which disallow installing Debian 
on pre-formatted disks/partitions. Any progress? Was Colin Watson 
proposed patch accepted? Or what is current state of it?

-- 
Pali Rohár
pali.ro...@gmail.com


signature.asc
Description: This is a digitally signed message part.

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Frans Pop]

reassign 451535 partman-crypto
severity 451535 wishlist
thanks

On Friday 16 November 2007, Yaroslav Halchenko wrote:
 I had first installed i386 system with encrypted /home and swap. Then I
 decided to install also amd64 build -- reusing both encrypted
 partitions. Although I checked out smth like 'delete data' in the
 encryption setup menu, which I treated as 'preserve/dont touch', it
 did reinitialize them and I had to recreate filesystems on top.

It is actually possible to reuse existing encrypted LVM volumes by following 
the procedure documented on [1] just before starting the partitioner.

Well, almost.
I did have one strange issue with that procedure though: after crypto and 
LVM had been activated, partman did not recognize the existing file systems 
on the logical volumes even though they could be mounted. And even though 
the partman log _does_ indicate that the partition was recognized.

However, I completely agree that it should be possible to do this in a 
simpler way. Reassigning your suggestion to the appropriate component.

Maybe we should have a general option Detect existing encrypted and/or 
logical volumes on the partman main screen.

Cheers,
FJP

[1] http://wiki.debian.org/DebianInstaller/Rescue/Crypto



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Frans Pop]

clone 451535 -1
reassign -1 partman-lvm
severity -1 normal
thanks

On Monday 19 November 2007, Frans Pop wrote:
 I did have one strange issue with that procedure though: after crypto and
 LVM had been activated, partman did not recognize the existing file
 systems on the logical volumes even though they could be mounted. And
 even though the partman log _does_ indicate that the partition was
 recognized.

This seems to be an issue in init.d/50lvm from partman-lvm. That script will 
basically always create a new loop label on a logical volume and create a 
single partition. This is not really necessary if the LV already has a 
partition and prevents existing partitions from being detected.

Cloning to partman-lvm for this issue.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#451535: debian-installer: allow to 'reuse' encrypted volumes

[Yaroslav Halchenko]

Package: debian-installer
Version: 20070308
Severity: normal


I had first installed i386 system with encrypted /home and swap. Then I
decided to install also amd64 build -- reusing both encrypted
partitions. Although I checked out smth like 'delete data' in the
encryption setup menu, which I treated as 'preserve/dont touch', it
did reinitialize them and I had to recreate filesystems on top.

So I think 'Delete data' must be named 'Wipe out data', and another item
in the menu should be 'Reuse' or 'Keep existing encrypted volume'

Thanks in advance!

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (900, 'testing'), (300, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]