Netinsall, tty, apt-get update not working

52 replies [Last post]
hack and hack
Offline
Joined: 04/02/2015

I just performed a fresh Netinstall on a 32bits machine (it worked at last),
but this time without even a console environment (whatever that is).

I find myself in something called tty1.
I go for a "sudo apt-get update", which fails.
I ping some websites, no positive results.
I also tried while being plugged in with ethernet.

Something interesting:
when trying to locate my folders, all there is is the /home/user/, and that's all!
Even when going back to /, I don't see much (I need to check again though).

Any idea what to do next, and how?

hack and hack
Offline
Joined: 04/02/2015

Yeah obviously I have everything at /.

I'll try to copy the content of my /etc/network/interfaces, because this one only has:

auto lo
iface lo inet loopback

After a reboot, It worked...
Sorry for the useless thread...

loldier
Offline
Joined: 02/17/2016

You don't have sudo installed. Can you go root?

hack and hack
Offline
Joined: 04/02/2015

It seems I have sudo (at least it responds when accessing files with vi), but my problem now is that I can't start X.
When I try i3, it tells me it cannot open display.

And I wonder if I need that "console environment" that is suggested at the install phase. I wonder what it provides.
So if you know anything about this as well, I'm interested.

Gnu
Gnu
Offline
Joined: 03/08/2012

sudo apt-get install trisquel-base

and "xorg" for using startx

hack and hack
Offline
Joined: 04/02/2015

Oh right, thanks, trisquel-base might be useful.
Just for the sake of it, I'll see what packages it's made of, and pick the ones I really need.

loldier
Offline
Joined: 02/17/2016

For X you need these

xserver-xorg xserver-xorg-core xfonts-base xinit

hack and hack
Offline
Joined: 04/02/2015

Thanks, I was wondering which was the smallest install between your suggestion (server and bitmap fonts) and this one: "sudo apt-get install --no-install-recommends xorg".

There must be a way to display the dependencies/the package contents in the CLI/tty.

lembas
Offline
Joined: 05/13/2010

apt-cache depends --no-recommends $PACKAGE

hack and hack
Offline
Joined: 04/02/2015

Nice, thanks! A bit more and I could live without Synaptics.

ADFENO
Offline
Joined: 12/31/2012

When starting the system, it's recommended to bring the network
devices/interfaces up (these are the things that make your computer
connect to the Internet, get updates and download upgrades).

I know how to do so when using wired networks, but I don't know how to
do so with wireless networks.

With wired networks, do:

Note: Remove "$ " from the beginning.

$ sudo ifconfig -a

And from the list, try to find the wired network device. It's name is
usually "eth[And some number]" or "p[Some number]p[Other number]".

Now, do:

$ sudo ifconfig "[The wired network device name]" "up"

Now, the network interface is up, but we still have to tell the system
to talk to the part of the network responsible for giving you a local
address inside the network, so that you can really start using it. So,
do:

$ dhclient -v "[The wired network device name]"

And now you're ready to use the Internet.

hack and hack
Offline
Joined: 04/02/2015

Thanks! So that would be sudo ifconfig ethX up or sudo ifconfig "ethX" "up"?

I just copied the content of interfaces from my main machine
(without even checking the number of the eth interface, which would have probably been a bit troublesome on another network)

auto ethX
iface ethX inet dhcp

If I understand properly, the dhclient command sets ethX as dhcp instead of nothing (not even a static IP address)?

But it's very interesting (and needed, for identifying the interface's name) to see how to do so from commands only.

ADFENO
Offline
Joined: 12/31/2012

Either `sudo ifconfig ethX up` and/or `sudo ifconfig "ethX" "up"` are
the same.

I rarely venture into commands, but every dive I do gives me a bit more
knowledge on the subject. However, I haven't studied how dhclient works.
So far, I only know that it's needed for communication with the
Internet.

hack and hack
Offline
Joined: 04/02/2015

This is one weird but pleasing Netinstall (less stuff install by default):
- I have no GRUB displayed on startup (Synaptic shows some grub files, but grub isn't installed)
- it takes very long between startup, and the tty login display. I suspect it's my wlan config that's doing this (didn't have such a delay at first).
- no pulseaudio or alsa by default.
- no gksudo installed. (though sudo -i seems to be better)

But it seems I can get i3 running ok with really minimal programs:
- a real Netinstal, not even a console environment
- putting ethernet up in etc/network/interfaces (or the ADFENO way, thanks again)
- adding wpa-supplicant with wlan ssid and psk
- adding xorg with --no-install recommends
- adding i3, adding my configuration files, xinitrc, profile,
- adding a few programs for wallpaper, brightness, audio

Anyway, I installed grub (which suggested to uninstall 3 grub related programs (grub2 something, for example),
But still no grub displayed, and still that long delay on boot.

Strange.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Do you have, in /etc/default/grub, GRUB_TIMEOUT set to a non-null value and no GRUB_HIDDEN_TIMEOUT?

If not, edit the file, save and execute 'sudo update-grub'.

hack and hack
Offline
Joined: 04/02/2015

I have GRUB_TIMEOUT set at 10,
and GRUB_HIDDEN_TIMEOUT set at 0 (zero).

Also, I'm pretty sure there was no grub displayed from the start, before I modify anything.

Ok, sudo update-grub gave me something interesting:
Could not find /boot/grub/menu.lst file. It asks it to be generated for me.
I say yes.
Everything seems fine, but on reboot, still only a black screen for about a minute, before the tty login prompt appears.

I'm gonna try this maybe: https://askubuntu.com/questions/182248/why-is-grub-menu-not-shown-when-starting-my-computer

The only difference with my working grub on my other machine is this line: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

On the bad grub, it's reversed: GRUB_CMDLINE_LINUX_DEFAULT="splash quiet"

I'll try to reverse it and update. Else, I'll try commenting the HIDDEN_TIMEOUT line.

EDIT:
the second option (commenting the line) did something unexpected: it still didn't display grub, yet I had a message about "disabling irq #16".

Very strange.

It looks like I can reinstall grub from a live CD (which I'd need to redo). I will try it as a last resort.

lembas
Offline
Joined: 05/13/2010

Are you aware of the grub differences?

grub is "grub 1" i.e. version 1.97
config file /boot/grub/menu.lst

grub2 is "grub pc or grub 2" i.e. version 1.99
config file /boot/grub/grub.cfg created by rules in /etc/default/grub. The latter file is what you're supposed to edit and then run update-grub because if you edit the .cfg directly, your changes will be overwritten when update-grub gets run next time (e.g. when there is a kernel update).

You might want to remove the quiet and splash parameters to see what's going on.

hack and hack
Offline
Joined: 04/02/2015

I see, so both are used at different stages of the boot process. The way you describe it, it sounds like a safely editable "alias" (probably not the right word).

I commented the line containing the splash and quiet parameters, and now I still have the delay, and no grub displayed.

All I have is a blinking cursor (a line) and I can write text if I want. But nothing else happens.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

10 for GRUB_TIMEOUT is a lot. At least half that value. I am not sure what GRUB_HIDDEN_TIMEOUT does if set at 0: remove that line if you want to see GRUB's menu.

However, all that would have no influence if you actually have GRUB Legacy (i.e., version 0.97) installed. The package for GRUB 2 is "grub-pc", not "grub". Which one is installed?

hack and hack
Offline
Joined: 04/02/2015

I'm in the process of reinstalling the whole thing with encryption, but I can tell you this: seeing that grub wasn't displayed, I went in Synaptics and saw that grub 'not grub-pc) wasn't installed. I installed it, but nothing changed.
Also, the grub parameters are identical to the ones on my other machine.

Anyway, in a few hours, I'll see if grub is displayed.
if not, I'll see if grub-pc is installed.
And then I'll try to modify the grub parameters. Or maybe should I do that first?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

You need not installed "grub", i.e., GRUB Legacy. "grub-pc" is GRUB 2.

hack and hack
Offline
Joined: 04/02/2015

Noted, thank you.

I'm redoing the install quickly, and since grub-install didn't want to install on either /dev/sda nor sdb, I'm seeing that my drive is sdXX_crypt.
I'll try that if it still fails.

hack and hack
Offline
Joined: 04/02/2015

.

hack and hack
Offline
Joined: 04/02/2015

/etc/network/interfaces was the culprit.
18 seconds from boot only now (still no grub displayed though).

I used ADFENO/root_vegetable method to get ethernet up.
I installed wicd.
Job done. No more plain wpa_supplicant if I can avoid it.

Thanks a lot for the help !

I'll write down all I need for a super lean but easy to setup netinstall, and reinstall the whole thing, with the focus on grub.

hack and hack
Offline
Joined: 04/02/2015

Ok, I'm finishing my netinstall, and grub (grub2) refuses to install.
I choose to install it one the MBR (master boot record).
After trying to execute grub-install, I got this:
The execution of " grub-install /dev/sda " failed. This error is fatal.

Then I can either continue and try to install lilo (if it works, didn't try yet), or continue without a bootloader.

I'm not on Libreboot here, but I (mistakenly?) followed the steps here: https://libreboot.org/docs/gnulinux/encrypted_trisquel.html

I suppose I could continue without a bootloader, or with lilo if it works (it suggests to install it either on the MBR or the new partition in case I want to use another bootloader). Most likely it would need to be on the MBR, but I'd rather have grub.

I suppose I could manually boot, but I'm not sure. In doubt, I'll try this. But I'll wait for now.

Any suggestions?

loldier
Offline
Joined: 02/17/2016

Read this:

https://trisquel.info/en/forum/netinstall-0

Trisquel netinstall has a bug inherited from Debian. On Debian it has been patched. The device is misinterpreted. The installer tries to install the bootloader on the USB stick. Remove the stick and try again. The installer mistakenly thinks that /dev/sda is the removable media.

http://www.rants.org/2014/09/09/debian_install_solving_grub_error/

"Solution: remove the USB stick from which you are installing Debian. Right now it’s /dev/sda and the target hard drive you’re trying to install to is /dev/sdb (during the installation process only)."

hack and hack
Offline
Joined: 04/02/2015

Many thanks, I'll read and try right now.

Is there a specific moment where I should remove it?
Do I first launch the install, let it fail, remove the USB, then try again? I think it's what you said in the thread, but I just wanted to be sure.

EDIT: I'm in luck, it still tries to install on /dev/sda

Maybe there's a way to change the path from the command line.

I've put back the USB key and I'm back at the main menu, at the grub install step.

This definitely needs to be fixed please.

EDIT: Wow, even trying this (manually setting it to /dev/sdb), it fails. https://askubuntu.com/questions/459620/unable-to-install-grub-in-dev-sda-when-installing-grub

loldier
Offline
Joined: 02/17/2016

When installing the Grub boot loader, let if fail, remove the stick and try again. It will let you try multiple times as long as you don't cancel the installation. You don't have to start all over, just try the boot loader installation again as many times as needed to make it understand /dev/sda is the hard disk.

hack and hack
Offline
Joined: 04/02/2015

no luck :(
I did that many times, it still stays on /dev/sda

Then I tried to refuse the grub install on the MBR, which gave me the possibility to choose /dev/sdb instead.
It properly launches on /dev/sdb, but still fails...
The stick being in or out doesn't change a thing for me, whether it's sda or sdb.

I really don't know what to do now.

loldier
Offline
Joined: 02/17/2016

It worked with me. I didn't break the flow, didn't step back -- just forcibly removed the stick -- and tried again at the end of the installation at the usual step where it prompts for the Grub loader.

hack and hack
Offline
Joined: 04/02/2015

yes, unfortunately I did just that.

I'll try this now maybe: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1414124

The last message said something about not putting any path. I don't even know if I was supposed to do it or not, I just tried.
The installation went on, and now it's booting.
Still no grub displayed, only a blinking character-width line. And it's not even booting this time.

I'll reinstall it again now.

EDIT: Still can't install grub at all.
Even lilo doesn't work.
I checked gpg and md5 tough.

Sigh, no netinstall for me...
I can try again with a full 32bit usb stick.

EDIT: the text install from the full iso takes much longer. It's installing much more than a normal netinstall, or so it seems.
I'll see how it goes, but for now I'll probably use Debian for this machine, after all.
Might be an option to pick the grsec kernel on the way.

hack and hack
Offline
Joined: 04/02/2015

Still, this is weird. I must be doing something wrong, since I could have grub installed when the disk wasn't encrypted, with the full iso.
Even with the netinstall, though grub wasn't displayed, I could boot when the disk wasn't encrypted.

Though all I do is follow the Libreboot method to a point:
I make a manual partitioning, encrypt the whole disk, LVM it, and voilà.

Nothing special I think.

loldier
Offline
Joined: 02/17/2016

The full ISO doesn't have the bug. The issue is only with the netinstall ISO.

hack and hack
Offline
Joined: 04/02/2015

yes, when the disk isn't encrypted. I just tried. I still can't make grub install work. I tried all the methods I know of.

I think I'll stick with an unencrypted 32bits Trisquel install for now. At least I know this worked.

loldier
Offline
Joined: 02/17/2016

Why don't you try with an unencrypted boot partition.

/boot
/root
/home
/swap

hack and hack
Offline
Joined: 04/02/2015

Do I really need all these?
I didn't read enough about partitioning, but it seems a separated boot partition is only interesting if running several OS. Not sure about the root partition though.

Anyway, I tried an assisted, minimal install from the full iso (which is different from a real Netinstall since I didn't have to install killall this time, for instance).
No encryption.

I found out that grub was there (even on the non-encrypted real Netinstall), not showing because it seems it a default behavior when only 1 OS is installed.
Maintaining Shift pressed maded it show up.

An alternative I have yet to try is to uncomment the 2 HIDDEN lines in the grub.cfg. Funny that I don't need to do that on the 64bits version. I wonder how this works.

Still, 2 problems remain: There's a serious delay between the moment I turn the machine on and the login screen.
Maybe it's because of my 1GB of RAM though.

The more serious one is that there's no way (I think) to install grub when I encrypt the disk.
I've read about installing it from the live CD, but I'm not sure it's going to be that easy.
I'll look for a method and will try.

hack and hack
Offline
Joined: 04/02/2015

In my attempt to install grub over a Netinstall 'that fails to install grub, at least when encrypted), I found that there was an expert-mode allowing to manually install everything, just like on arch or Parabola.

THIS IS COOL! Best of both worlds (if we put aside the bleeding edge packages I don't personally need).

Totally worth trying on a VM.

hack and hack
Offline
Joined: 04/02/2015

following these tutorials
(https://stephentanner.com/restoring-grub-for-an-encrypted-lvm.html & https://askubuntu.com/questions/541079/restore-boot-partition-from-running-ubuntu), I though I had successfully installed grub on my encrypted netinstall.

but when I boot, I quickly get this prompt:
Attempting to decrypt master key...
Enter passphrase for hd0,msdos1 (bunchOfNumbersAndLetters):

So I go ahead, and I get this:
error: access denied.
error: no such cryptodisk found.
Entering rescue mode...
grub rescue>_

Yet, no typo on my part, I even tried my user passphrase (even if it doesn't make sense).

I have a hard time finding something on the web right now.
If you have a clue about what's going on, I'm interested.

Keep in mind that I only have a / and swap LVM partitions.
I only mounted the first one while following the tutorial roughly, since I had no /boot partition.

hack and hack
Offline
Joined: 04/02/2015

I've made progress, but problems don't end:
I've done the whole process again, updating grub for good measure. it told me there was something wrong with the config: GRUB_TIMEOUT wasn't null (was at 10), which is not allowed anymore if GRUB_HIDDEN_TIMEOUT is defined.
So I've put it back to 0.

I decrypted my drive: the keyboard at this step was probably the default US one.

But now I land in a BusyBox with (intramfs).
I'll try this: https://askubuntu.com/questions/137655/boot-drops-to-a-initramfs-prompts-busybox

EDIT:
I'm stuck here:
dumpe2fs: Bad magic number in super-block while trying to open /dev/sdaX
And that's after chrooting my LVM encrypted drive, following the earlier tutorial again.

This tutorial wont help because I have LVM partitions (https://www.howtoforge.com/community/threads/bad-magic-number-in-super-block-while-trying-to-open-dev-sda2.29951/).

EDIT:
I finally reached grub before reaching Busybox.
I tried this (http://ubuntuforums.org/showthread.php?t=1561735) but I'mstuck here:
insmod /boot/grub/linux.mod

"File not available".
What I have when I ls /boot/grub is: i3686-pc/ gfxblacklist.txt locale/ fonts/ grubenv grub.cfg

So indeed, none of that linux.mod
I found it digging deeper in i386-pc.
So I finish the procedure and boot.

Looking good, the decryption step looks different.
but I end back in that Busybox, with an additional message seconds later, something about perf samples too long (NMI handler took too long to run, it already tried trice).

Brousing through busybox and trying to mount my partition, I see I have no fstab in /etc. I have to check what this means and why it's missing.

More than enough for today...

As always, any help appreciated.

hack and hack
Offline
Joined: 04/02/2015

!!! I managed to boot in my 32bits encrypted Netinstall !!!

One thing left: despite running sudo update-grub when booted, every time I reboot, I end up in Busybox again.
So I have to go once more in grub and type this:
set prefix=(lvm/volumeGroupName-logicalVolumeName)/boot/grub
set root=(lvm/volumeGroupName-logicalVolumeName)
set
ls /boot
insmod linux
linux /vmlinuz root=/dev/mapper/volumeGroupName-logicalVolumeName ro
initrd /initrd.img
boot

How come sudo update grub isn't enough?

Another thing is that first thing a couple of seconds after booting is the lvm passphrase prompt appearing.
The font size is really big and the keyboard layout is most likely US.
Then, by keping shift down, I get to grub, press c and enter the commands above.
Then I boot, and I have an lvm prompt again, but this time with a familiar font size and a french keyboard layout.
Then everything goes as normal, until I reboot.

One possibility is that the kernel is problematic, according to the last link I posted.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I still have not understood if your /boot is encrypted. If so, what is the point?

hack and hack
Offline
Joined: 04/02/2015

It didn't occur to me that I could use a dedicated /boot partition being not encrypted.

My /boot is encrypted, since it's inside the main "/" partition (I only have a "/" and a "swap" lvm encrypted partitions).
I don't really know what the point is, now that I'm aware of that. It might add a layer of security I suppose.
Is there no benefit from doing that?

Oh, so that would mean the first time I input my passphrase is only for the /boot folder in order for grub to start?
Only then it's supposed to decrypt the drive, and boot, I guess.

loldier
Offline
Joined: 02/17/2016

I told you so.

hack and hack
Offline
Joined: 04/02/2015

My bad. I'll read what you said again then.

EDIT: Oh, I get it now. I read too quickly... I thought you were talking about giving up encryption for all partitions... *sigh*

still, is there a point to keep /boot encrypted?
I need to read this, I guess: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system

But Magic Banana seems to say that there isn't much point to it.

But wait, wasn't it only on Libreboot that I can encrypt the boot folder successfully? I'm NOT on Libreboot on this machine btw.

I need to do some reading, thank you both for your help.

lembas
Offline
Joined: 05/13/2010

One funny sounding variation I've heard about is you can have the /boot on a thumb drive. I believe that way the computer won't boot without it. No idea how to do it though or whether it's super safe or anything.

jxself
Offline
Joined: 09/13/2010

"still, is there a point to keep /boot encrypted?"

An unencrypted boot partition opens the possibility for someone to be able to install malicious software, since it can be read from and written to without any problem. Perhaps they'll replace the kernel with a modified version containing a keylogger that makes note of the passphrase that you type in while decrypting the rest of the drive. Which the kernel then saves somewhere for that person to get later. Or perhaps transmits to them somehow. Or who knows what else? The point being it opens a (potential) avenue of attack. Whether or not that's an issue for you depends on your threat model.

"One funny sounding variation I've heard about is you can have the /boot on a thumb drive. I believe that way the computer won't boot without it."

This could be a good option for computers that don't support libreboot and can't have an encrypted /boot (since proprietary BIOSes typically do not have support for reading an encrypted /boot it needs to be left unencrypted.) This can avoid the whole issue I mentioned above (because you could keep the USB thumb drive with you at all times even if not the computer.)

If someone isn't using encryption for the rest of the drive there is very little point in putting /boot on a different drive because even if someone can't boot the drive itself that doesn't stop someone from booting the computer using their own CD or USB stick and then mounting the HDD. Or from removing the HDD from the computer and mounting it on a different computer. And then, they have access to everything. So putting /boot on a different drive only makes sense when disk encryption is also used (and if the computer supports libreboot and can have an encrypted /boot there isn't anything to be gained by putting /boot on a different drive because you don't have unencrypted stuff you're trying to save from unauthorized changes or reading.

"No idea how to do it though or whether it's super safe or anything."

You'd do custom partitioning in the Trisquel installer. Just as you can say in the installer that /home is to be located on a different drive, you'd put the /boot partition on a separate thing too (possibly a USB stick.) So you'd need the thing that is to hold /boot to be connected while doing the install.

lembas
Offline
Joined: 05/13/2010

Thanks for the thorough explanation, much appreciated.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

An unencrypted boot partition opens the possibility for someone to be able to install malicious software, since it can be read from and written to without any problem.

Indeed. However, encryption only makes a difference in a scenario with physical access. That is, in this case, someone booting a Live system on the computer and changing the kernel in /boot.

hack and hack
Offline
Joined: 04/02/2015

Thanks lembas, that's a great option.
Thanks jxself, now I know how to do it, and why I should (or not).
The way I roughly consider my threat model is this: even if there's no threat involved, if it's easy/takes little time to setup, it's better to have it than not.

This could be a good option for computers that don't support libreboot and can't have an encrypted /boot (since proprietary BIOSes typically do not have support for reading an encrypted /boot it needs to be left unencrypted.)
Looking at this (https://wiki.archlinux.org/index.php/GRUB#Boot_partition) and this (http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/), it seems I don't need to be on Libreboot in order to have a functioning encrypted /boot anymore. Grub offers this exception now.

So even if I'm not on Libreboot on this machine, I still can boot manually. But I can't figure out how to save my manual input. Yet.

EDIT:
Changing grub parameters only isn't enough.
Last thing to try is adding lvm and luks hooks to "initramfs.conf", which is the equivalent of Archlinux's "mkinitcpio".

hack and hack
Offline
Joined: 04/02/2015

SOLVED.

I'm now happily running an encrypted netinstall (with /boot encrypted)
without having to worry about AMT/ME, even if this machine isn't running Libreboot.

What I did to finally be able to boot automatically:
I removed "quiet splash $vt_handoff" from the grub bot config ("c" when in grub).
This worked. I tried again only removing splash this time.
It worked also.
So after booting, I removed quiet splash altogether (I don't like the black screen "quiet" offers).
And did an "update-grub".

Worked marvelously.

Btw, to have grub displayed automatically, comment the first line (10 means ten seconds before automatic boot):
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT="10"

I also did this, following the link I've already posted:
Configuring the boot loader
Configure GRUB to recognize the LUKS encrypted /boot partition and unlock the encrypted root partition at boot:

in /etc/default/grub

GRUB_CMDLINE_LINUX="... cryptdevice=UUID=:lvm root=/dev/mapper/MyStorage-rootvol ..."
GRUB_ENABLE_CRYPTODISK=y

And to get /boot encrypted:
code>in /etc/default/grub

GRUB_ENABLE_CRYPTODISK=y

Not much of a clean tutorial, but basically:
I just made a normal encrypted lvm install.
grub failed to install during the Trisquel install. It's ok, just finish the install without a bootloader.
Then, not being able to boot, I chrooted the drive in the LiveCD (follow the link I posted).
After installing grub, keep Shift pressed during the boot, press c when grub shows up, then type the commands to boot.
But before that, you can type e instead of c and try to already remove "quiet splash", or at least splash.
Else, when booted, configuring etc/default/grub is necessary, and also updating it (sudo update-grub) before rebooting.

That was tough to figure out (for me), but it was totally worth it, and is easy to reproduce after doing it once.

hack and hack
Offline
Joined: 04/02/2015

Nice, I'm glad it worked that way :)

I wonder what the difference is between having those commands in GRUB_CMDLINE_LINUX, and not having the commands but removing /boot from fstab. Yet I think I've tried that at an earlier stage, without success.
It seems the GRUB_CMDLINE_LINUX is used to add CLI parameters to the kernel.

The weird thing is that I don't have a /boot entry in fstab, only /dev/mapper/main and /dev/mapper/swap.

Also I had to remove the splash parameter for GRUB to be able to boot by itself.

Anyway, good to see that it is simpler on Debian testing, that means less headaches for the future Trisquel releases.

BTW, did you have to install GRUB by chroot or not?