xrogaan | Would this be a good guide? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/polyinstantiated-directories | 00:01 |
---|---|---|
xrogaan | what does the polyinstantiation of user home directories means? | 00:01 |
pcpower | hello everyone, i had installed devuan with encrypted / and /home, but unencrypted /boot on another partition. default grub installation failed. How should i now boot the system ? grub-mkconfig in my current os dont really work with this issue. | 17:35 |
specing | define "failed" | 17:37 |
GyrosGeier | that should work | 17:38 |
pcpower | is just said that installation on my /dev/sd* drive is impossible | 17:41 |
pcpower | no more information | 17:41 |
fsmithred | legacy bios or uefi? And is it gpt partition or dos partition table? | 17:43 |
pcpower | dos table, legacy bios | 17:43 |
pcpower | maybe this is the issue | 17:43 |
fsmithred | and that error message came from grub? | 17:43 |
fsmithred | during the installation process? | 17:44 |
pcpower | from interactive grub installer in ascii devuan live cd | 17:44 |
fsmithred | huh? | 17:44 |
fsmithred | you were on grub command line? | 17:44 |
pcpower | no | 17:44 |
pcpower | i was in live | 17:44 |
pcpower | cd | 17:44 |
fsmithred | yeah, and what did you do while you were there? | 17:45 |
fsmithred | you used that for the installation? | 17:45 |
pcpower | and there was some kind of gui interface | 17:45 |
pcpower | like grub installer | 17:45 |
premoboss | hello, i have a scanner HP scanjet 2200c, it is usb connected and lusb recognize it, but unprivileged user cannot see. if i run xsane by root, all is ok, scanner is recognizer adn works. so, it is just a privilege issue. how to allow not-privileged user to access to the scanner? | 17:45 |
premoboss | lusb=lsusb | 17:45 |
fsmithred | did you click on the button that says "Copy files" ? | 17:45 |
pcpower | yes | 17:45 |
pcpower | there was no more options | 17:46 |
fsmithred | ok, that was the right thing to do | 17:46 |
pcpower | except chroot | 17:46 |
fsmithred | and continue without bootloader, which you don't want | 17:46 |
pcpower | but i dont really know how to deal with chroot and encrypted partitions | 17:46 |
pcpower | yes, i just want some kind of config file and kernel in /boot partition | 17:46 |
fsmithred | there are a few commands you need for setup | 17:46 |
pcpower | *wanted | 17:46 |
pcpower | but now everything is wrong :( | 17:47 |
fsmithred | did you try to install grub to a partition or to whole device? | 17:47 |
pcpower | there was no partion options, only whole device | 17:47 |
pcpower | nonetheless, i now had some file on /boot | 17:48 |
fsmithred | oh, right that was the debconf dialog for the grub package install | 17:48 |
fsmithred | is the installer still running, or did you already kill it and try to reboot? | 17:49 |
pcpower | i'm now in different os | 17:49 |
pcpower | but it is powered by linux kernel :) | 17:49 |
fsmithred | oh | 17:50 |
fsmithred | on the same computer? | 17:50 |
pcpower | yes | 17:50 |
fsmithred | how does that one boot? | 17:50 |
pcpower | from my grub bootloader on another drive | 17:50 |
pcpower | a have multiple drives in my pc | 17:50 |
pcpower | one for current os | 17:50 |
pcpower | and one for devuan, with /boot , / and /home partitions | 17:51 |
fsmithred | ok, so while you're in this other linux, run update-grub (or the equivalent) and the new installation will be added to the boot menu | 17:51 |
pcpower | the boot partition on devuan drive contains config-4.9...-amd64; initrd.img-4.9... system.map-4.9... and vmlinux-4.9... | 17:52 |
pcpower | this is the problem | 17:53 |
fsmithred | during the install, did you get to the part where you change password and user name? | 17:53 |
pcpower | yes | 17:53 |
fsmithred | then the install is done except for the bootloader | 17:53 |
pcpower | i fully completed the installation | 17:53 |
pcpower | grub-mkconfig is not able to find the devuan system | 17:54 |
pcpower | it only detects the current os | 17:54 |
fsmithred | oh, you'll have to make a manual menuentry because the system is encrypted | 17:54 |
pcpower | how should i do it ? | 17:54 |
fsmithred | edit /etc/grub.d/40_custom | 17:54 |
fsmithred | menuentry 'devuan' { | 17:54 |
fsmithred | set root=(hd1,msdos1) ### Assuming it's second hard drive and /boot is on first partition | 17:55 |
fsmithred | linux /vmlinuz-4.9.whatever ro root=/dev/mapper/root_fs | 17:56 |
fsmithred | initrd /initrd.img-4.9.whatever | 17:56 |
fsmithred | } | 17:56 |
fsmithred | yeah, I guess I should have pasted it. I'm not fully awake right now | 17:57 |
fsmithred | did I guess the partitions right? | 17:58 |
pcpower | no, but i know the correct numbers :) | 17:58 |
fsmithred | cool | 17:59 |
fsmithred | look at /boot/grub/grub.cfg to check the punctuation. I think I got the braces and quotes right. | 18:00 |
fsmithred | https://termbin.com/d61h <- should look something like this | 18:01 |
fsmithred | then update-grub or grub-mkconfig to add it to the boot menu | 18:02 |
pcpower | mapper in root=/dev/mapper/sd* should be replaced ? | 18:02 |
fsmithred | I expect that it should be /dev/mapper/root_fs | 18:02 |
fsmithred | I don't think you can change that unless you edit the installer script | 18:02 |
pcpower | because i have encrypted root on logical partition | 18:03 |
fsmithred | with the live installer? | 18:03 |
pcpower | so maybe it should be like /dev/sdb* like on archwiki ? | 18:03 |
fsmithred | you used the cli installer? | 18:03 |
pcpower | yes, on the cli | 18:03 |
fsmithred | ok | 18:03 |
fsmithred | you're the first one I know of to do that (other than myself) | 18:03 |
fsmithred | whatever you called it and put in /etc/crypttab | 18:04 |
fsmithred | so maybe /dev/mapper/vgname-lvname? | 18:04 |
pcpower | no | 18:04 |
pcpower | with lsblk is looks like normal partitions | 18:05 |
pcpower | same was with gparted | 18:05 |
fsmithred | you set the installer config file to no_formate=yes? | 18:05 |
fsmithred | no_format | 18:05 |
pcpower | yes | 18:06 |
pcpower | maybe | 18:06 |
pcpower | you mean not to format partiitons ? | 18:06 |
fsmithred | yeah | 18:06 |
pcpower | because they were formatted during the installation with ext4 filesystem | 18:06 |
pcpower | but i dont think this will be a problem | 18:06 |
GyrosGeier | wtf are you doing? | 18:07 |
fsmithred | depends on what got formatted | 18:07 |
GyrosGeier | booting a rescue system should be sufficient | 18:07 |
fsmithred | trying to rescue an install from the live-CD | 18:07 |
GyrosGeier | no need to rerun the installer | 18:07 |
pcpower | anyway, grub-mkconfig worked great | 18:07 |
fsmithred | if you entered the /dev/mapper name, it should have done the right thing | 18:07 |
pcpower | now i will try to reboot, thank you very much ;) | 18:08 |
fsmithred | yw | 18:08 |
ukine1 | taking the power back, one user at a time :D | 18:08 |
fsmithred | he's not rerunning the installer, just adding a boot entry to a linux on another hard drive | 18:08 |
ukine1 | fwiw i don't have the deep understanding that you do but also created a luks install via the curses-ish installer mode | 18:09 |
pcpower | its me again | 18:10 |
ukine1 | just didn't have another linux install | 18:10 |
pcpower | nothing changed :( | 18:10 |
fsmithred | was it in the boot menu? | 18:10 |
pcpower | the boot meny did not changes, everything was like before | 18:10 |
pcpower | *dhanged | 18:10 |
fsmithred | you ran update-grub before the reboot? | 18:11 |
ukine1 | should he have run update-grub? | 18:11 |
pcpower | no | 18:11 |
fsmithred | you have to do that to get the new entry in the boot menu | 18:11 |
fsmithred | or drop to grub command line and enter the three commands one at a time, | 18:12 |
fsmithred | then boot | 18:12 |
fsmithred | and enter | 18:12 |
pcpower | what commands ? | 18:12 |
fsmithred | set root=... | 18:12 |
fsmithred | linux... | 18:12 |
fsmithred | initrd... | 18:12 |
fsmithred | boot... | 18:12 |
pcpower | ok | 18:12 |
fsmithred | crtl c to drop to grub prompt | 18:13 |
fsmithred | and tab-completion works | 18:13 |
ukine1 | he just left.. | 18:13 |
yeti | tell your irc client to colour offline nicks differently | 18:13 |
yeti | that really helps | 18:14 |
fsmithred | I'm using hexchat. It's already a different color, but that only works when I'm looking at the screen and not the keyboard. | 18:15 |
yeti | oh... | 18:16 |
yeti | ok | 18:16 |
fsmithred | pretty sure the grub screen has instructions for that | 18:17 |
pcpower | soo | 18:31 |
pcpower | the system loads to initrafms, but then fails to mount /root /dev and something else | 18:31 |
pcpower | it also says that no init foud try init= boot | 18:32 |
ukine1 | that may be because you encrypted / | 18:33 |
ukine1 | i'm just guessing though, i would try my hardest in your situation to run another install using the guided encrypted partition for encrypting your setup | 18:34 |
ukine1 | limiting your modifications in the partitioner to the devuan disk only | 18:34 |
ukine1 | *guided encrypted partitioning | 18:35 |
pcpower | but / decrypts during the boot, i even have acces to some trivial directories, like /usr or something | 18:35 |
ukine1 | that is because you selectively encrypted two things only / and /home | 18:36 |
ukine1 | decrypts? did you have to type your passphrase in? | 18:36 |
pcpower | yes | 18:36 |
ukine1 | curious | 18:36 |
pcpower | and if i type something wrong, it blocks the computer | 18:36 |
Leander | are you sure you're not seeing the contents of your initramfs, rather than the contents of your / | 18:37 |
ukine1 | if i were you, for your use case, and if the package is still even being maintained…use encfs for your situation and a balls-out devuan install | 18:38 |
ukine1 | encfs thrives on the type of use-case you're aiming for | 18:38 |
ukine1 | from what you've described to me; the path you're trying to go about | 18:38 |
ukine1 | i used to use it to just have an encrypted home | 18:38 |
pcpower | what is encfs | 18:38 |
ukine1 | a PAM-compatible directory-as-volume encrypted sub-"real"-fs encryption solution | 18:39 |
pcpower | also, how can i check if I am not seeng the contents of my initramfs ? | 18:40 |
ukine1 | https://packages.debian.org/search?keywords=encfs&searchon=names&suite=stable§ion=all | 18:41 |
ukine1 | it's still alive | 18:41 |
ukine1 | for your use case i'd highly recommend it | 18:41 |
Leander | you can use "mount" to list all mounted file systems, you'll quickly see if you have something like /dev/mapper/something mounted for / | 18:42 |
pcpower | ok | 18:42 |
pcpower | now reboot :-) | 18:42 |
ukine1 | if you can't trust / i.e. the kernel and it's base, /root and /boot you have a fear of possible old-maid situations i'm guessing | 18:42 |
ukine1 | in which case they should be trying all features available; bios pw, bios drive lock... | 18:45 |
ukine1 | still no go? :( | 18:48 |
pcpower | mount displays rootfs mounted on /, which is not normal :( | 18:48 |
pcpower | but when i try to mount my real root partition (/dev/sd*) it says that it is busy | 18:49 |
ukine1 | i've never done it b/c i know i can trust my current hw, but /boot on a stick (using a trusted usb drive as a "key" or even a usbarmory with keybase something or other-like safety net) is another path | 18:49 |
pcpower | yes | 18:50 |
ukine1 | encfs is the best solution for your use case imo…with your adamancy about encrypting /home (only worrying about home) | 18:50 |
pcpower | i've done that with gentoo | 18:50 |
ukine1 | encfs is super easy to use | 18:50 |
pcpower | and to be clear it was easer lol | 18:50 |
ukine1 | it's win | 18:50 |
ukine1 | omgosh | 18:50 |
ukine1 | easier geez | 18:50 |
ukine1 | heh | 18:50 |
Leander | I have a Devuan on an encrypted / on my laptop, but I installed that many years ago and can't remember how I did it | 18:50 |
pcpower | but i had some problems with the uclibc | 18:50 |
ukine1 | nif you can't trust / i.e. the kernel and it's base, /root and /boot you have a fear of possible old-maid situations i'm guessing | 18:51 |
pcpower | not that hard | 18:51 |
ukine1 | in which case i would recommend you should be trying all features available; bios pw, bios drive lock... | 18:51 |
pcpower | just wanted to use the encrypted linux on daily | 18:52 |
Leander | in case of theft of your laptop, who knows what people could uncover in /tmp or /var ? I feel like /home is really not enough | 18:52 |
pcpower | i use stationary pc | 18:52 |
pcpower | :D | 18:52 |
ukine1 | maybe try to kind of rethink your whole security situation from the ground up? maybe if you went over it in your head again something might click that is causing it to not work? | 18:53 |
ukine1 | like an automatic partitioner change that you might have applied then gone back to in the installer? | 18:54 |
pcpower | i think it would be easer to compile a lightweight linux kernel for my pc, place it on the usb drive market with boot flag, than just force it to decrypt the whole disk, reload the kernel with unencrypted one, then just mount and load all other stuff and use the system | 18:54 |
pcpower | but it is just the plan, nothing more | 18:55 |
pcpower | * a plan | 18:55 |
pcpower | and all of the stuff with uefi boot and uefi partition because it looks like its easer to setup | 18:56 |
pcpower | but anyway its not secure to talk about these things through irc lol | 18:57 |
pcpower | the three-word agency is already in game lmao | 18:57 |
pcpower | so quiet | 18:59 |
pcpower | where are you guys ? | 19:00 |
ukine | i'm here. just had an idea: | 19:00 |
pcpower | what kind of idea ? | 19:00 |
ukine | why not use an encfs-home containing a directory with kvm machine and another devuan inside that vm? | 19:00 |
ukine | just an idea. not what you were originally gunning for but objectively more secure | 19:01 |
james1138 | Self erase after entering wrong password a number of times - https://ubuntuforums.org/showthread.php?t=2258356 | 19:01 |
pcpower | i was just kidding about gentoo, to be clear | 19:02 |
ukine | luckily i don't need something like that, i have some pretty secure passwords | 19:02 |
ukine | heh XD | 19:03 |
pcpower | but i thought that devuan installation will be easer | 19:03 |
ukine | if we're out of topic now however let's move to #debianfork | 19:03 |
ukine | it definitely is? | 19:03 |
ukine | heh | 19:03 |
pcpower | debianfork is some kind of out-of theme talking, right ? | 19:03 |
ukine | true | 19:03 |
pcpower | ok, lets go | 19:03 |
ukine | i'm there | 19:04 |
fsmithred | pcpower, you can't mount the partition, you have to mount the logical volume: /dev/mapper/whatever | 19:08 |
james1138 | A tip for Devuan users who use Alsa instead of PulseAudio but found XFCE does not provide a convenient Alsa volume control for its panel (default is Pulse Audio volume control). Called XFCE4-Mixer - it works even on current versions with virtually zero tweaking. | 19:08 |
james1138 | https://packages.debian.org/search?keywords=xfce4-mixer | 19:09 |
fsmithred | james1138, xfce4-mixer is discontinued. You won't find it in beowulf. | 19:09 |
james1138 | Fsmithred: it is not in "Stretch" either - but I just went to the link that I posted, then downloaded and installed without issue. I am using it now on Devuan 2.1 w/XFCE desktop. | 19:12 |
fsmithred | did you get the jessie version? | 19:14 |
james1138 | Yes I did. The page also shows any dependencies in case a person has to manually install (I did not have too)... https://packages.debian.org/jessie/xfce4-mixer | 19:15 |
fsmithred | good to know. | 19:15 |
fsmithred | I use volumeicon-alsa | 19:15 |
james1138 | Anytime I can help. | 19:16 |
james1138 | I had trouble getting volumeicon-alsa to appear on the panel. | 19:17 |
fsmithred | add it to the startup applications | 19:19 |
fsmithred | (put a .desktop file in ~/.config/autostart/ | 19:20 |
james1138 | For me - easier to just use xfce4-mixer and add to panel like other applets. | 19:21 |
fsmithred | you can also add it through the settings manager | 19:21 |
fsmithred | store that info for beowulf - you may need it then. | 19:21 |
james1138 | ~/.config/autostart/Thanks for the tip - again I tried all that and found it easier for me to install and use xfce4-mixer. I just right-click on panel, go to "panel preferences" and click on "items" tab. Just like other applets - just add. No need to touch the desktop file nor enter | 19:25 |
james1138 | ~/.config/autostart/ | 19:25 |
fsmithred | for volumeicon-alsa, you need to go to Settings, Session and Startup, Application Autostart | 19:27 |
fsmithred | and add it there | 19:27 |
james1138 | <grin> pass - I am good. | 19:27 |
* grin[m] and his highlighter thinks that's great | 21:14 | |
john_ | on beowulf pulse audio is not able to be installed because it relies on libpulse0 12 only but beowulf has libpulse0 13 | 22:30 |
mason | john_: If it's any immediate help, you don't actually need PulseAudio for Firefox in De*an. | 22:32 |
john_ | i do need it for discord to play nice with other applications | 22:32 |
john_ | as apulse don't like plug and discord fights for mic with some of my other applications | 22:32 |
mason | Ah. Hrm. | 22:33 |
golinux | I believe that pulseaudio is a dependency in Xfce on Beowulf. | 22:33 |
golinux | Which could be a factor too. | 22:33 |
furrywolf | sounds like we need to put more work into apulse. | 22:33 |
furrywolf | bbl, work | 22:33 |
golinux | furrywolf: Have at it, please . . . | 22:34 |
mason | golinux: Random update, I've got generic netbooting going with NFS root, and I'll be moving on to the self-contained netboot installer next. (All with Beowulf FWIW.) | 22:35 |
golinux | mason: Most excellent! | 22:43 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!