Results 1 to 10 of 15

Thread: HOWTO: re-install / upgrade over existing dm-crypt / LUKS system

Threaded View

  1. #1
    Join Date
    Feb 2007
    Location
    Somewhere on Earth!
    Beans
    123
    Distro
    Ubuntu 10.04 Lucid Lynx

    Post HOWTO: re-install / upgrade over existing dm-crypt / LUKS system

    EDIT: 2011-05-08 brendankidwell informs us that this HOW-TO is still relevant to the latest Ubuntu versions:
    [These instructions work] for upgrading from Kubuntu 10.10 to Ubuntu 11.04. In this case, ignore the bit about using a (now ancient) Ubuntu 8.04.1 install disc. Use "Ubuntu 11.04 alternate install" for your correct architecture.

    Introduction

    So lets say you are running a 32-bit dm-crypt system, and want to 'upgrade' to a 64-bit version. Perhaps you are in the habit of 'upgrading' by doing a fresh-install of the new distro. Maybe you screwed up your system and want to do a fresh-install.

    If one of these scenarios is you, then this HOWTO is for you!

    The reason I am writing this is because I too wanted to join the 21st century by upgrading to a 64-bit version of Intrepid, and I ran into some serious problems! After 3 weeks and some helpful tips, I got my system running again, and hopefully this HOWTO will help you to avoid the same hurtles that I experienced! So, without further ado...

    Prerequisites

    You:

    • You are running a system with dm-crypt/LUKS, and probably LVM.
    • You keep a separate /home partition in which all of your files and settings exist.
    • You want to do a fresh install


    Things you need:


    • A note-pad with these commands written on it, or a separate computer, or a dualboot system
    • Ubuntu 8.04.1 Hardy Heron Alternate-install CD (64-bit Recommended!)
      NOTE: Even if your end-goal is to install Intrepid Ibex (8.10) you must do a fresh-install of Hardy first and then upgrade. The reason for this is the Intrepid alternate disc (at the time of writing) does NOT handle encryption well, and your install will [probably] fail.


    Recommended pre-steps:

    • As always, back-up any critical data, including any files in /root that you may want to save
    • Make backups of your /boot directory, /etc/fstab, /etc/crypttab, /etc/apt/sources.lst and any other special configuration files you may want to keep.
    • Helpful: print out a 'vim' cheat-sheet for text editing from the command line.



    Procedure:

    1. (Optional) Make a list of all installed programs so you can easily re-install your favorites later:
      Code:
      $ dpkg --get-selections > ~/installed-packages
    2. Insert the 8.04.1 Hardy Heron alternate-install CD, and reboot your computer
    3. Upon booting the CD, select the 'recovery' option from the menu. This is necessary for the installer to read your current configuration and load the dm-crypt modules.
    4. Follow the prompts. You will be asked for your hostname and the password to your current dm-crypt volume
    5. When you reach the recovery menu, press the escape key one or more times in order to get to the 'table of contents'.
    6. One down from the recovery menu is the set-up-partitions menu. Select it and hit 'enter'.
    7. Select 'Manual' partitioning
    8. The should have detected your LVM setup and should display the local volumes.

      select your /boot partition:
      (in this example it will be /dev/sda0 )
      set it to use it as your /boot partition, and to format it.

      select your / (root) partition:
      (in our case, we will call this /dev/mapper/Encrypted-root )
      set it to use it as your / partition, and to format it.

      select your /home partition:
      (Again, our example this will be /dev/mapper/Encrypted-home )
      set it to use it as your /home partition, but DO NOT FORMAT it.

      your swap partition should already be selected for use and formatting.

      You can add any additional partitions you wish to.
    9. Continue with the install - everything should work well from here on out. Be sure to create your username the same as your last one if you want it to take advantage of all of the files and settings in your /home directory.
    10. After the install finishes, reboot the computer. This is where the tricky part begins.
    11. When your computer says 'grub stage 2 loading', press 'esc' to get to the grub menu, and select 'recovery'.
    12. After loading the first part of the kernel (your initrd file from the /boot directory) your computer will stop. It will appear to be frozen, but JUST WAIT. What has happened is that the ubuntu installer failed to configure /etc/crypttab, and so your initrd cannot load the rest of the kernel from your computer because it has no clue what /dev/Encrypted/root is. LUCKILY - initrd has a built in busybox/ash shell, so you need to wait for the initrd to time out and drop you to this shell (as root).
    13. After waiting patiently for it to drop you to the shell, manually create your /etc/crypttab file either with vim or by using the command line like this:
      Code:
      echo "Encrypted /dev/sda1 none luks" > /etc/crypttab
      Where Encrypted is the map name of the LVM partiton, and /dev/sda1 is the location of your LVM partition.
    14. After that step, manually unlock your partitions with the following command:
      Code:
      cryptsetup luksOpen /dev/sda1 Encrypted
      This command will ask you for your password to the encrypted volume.
    15. Now that the system can find your root partition, exit the busybox terminal to continue booting your system.
      Code:
      exit
    16. If everything worked well your new system should boot just fine. Hooray! Now, the /etc/crypttab file that you created in the busybox initrd terminal will not be permanent, so you will need to create that again. Either use the terminal or your favorite editor; your choice - just be sure to do it as 'sudo' this time.
      Code:
      $ sudo echo "Encrypted /dev/sda1 none luks" >> /etc/crypttab
      (Note that this time I used '>>' instead of '>'. This appends the line to the bottom instead of overwriting the file.)
    17. Now that your /etc/crypttab file is all squared away, be sure to update your initrd image so that you can boot normally again:
      Code:
       sudo update-initramfs -k all -c -v
    18. If the last one ran without errors, reboot and be done! If you want to upgrade to Intrepid, follow the instructions here: http://www.ubuntu.com/getubuntu/upgrading
    19. To install all of your old and favorite software, use the list you created from step #1:
      (You may want to first edit the list using a text editor to include only the extras, and none of the core programs if you just preformed an upgrade.)
      Code:
      $ sudo dpkg --set-selections <installed-packages
      $ sudo apt-get dselect-upgrade



    Hooray! You have now done a fresh-install without losing your data or settings. Pat yourself on the back! I sincerely hope that these instructions work for you. I haven't confirmed the /etc/crypttab problem with the 32 bit version yet, but others have agreed that Intrepid + dm-crypt causes serious problems. It will be very nice when the nice folks on the installation teams add the encryption libraries to the LiveCD. Let me know if you have problems or comments to add to this!


    Special thanks to cyberdork33, hyper_ch, RansomStark, and the dm-crypt@saout.de mailing list
    Last edited by MaddMatt; May 9th, 2011 at 07:12 AM. Reason: Updated for latest releases

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •