Leaving Trisquel

13 respostas [Última entrada]
Svamiji
Desconectado
Joined: 11/13/2014

Hi everybody !

So sad to leave Trisquel "only" for encryption but I think no one take really this seriously here. Incredible for a 100% free OS... But never mind, I see that Trisquel is developped for a friendly use.
I'm going to Debian where I could find support and help to perform a full disk encryption.
I will come back when someone write a serious tutorial or respond to my post (thanks you teodorescup !) cause if no one help new users this is gona be very difficult to stay on Trisquel.

I hope someday people gona take care about security (not about terrorists but on their laptops...).

Sorry for my bad english.
So have a great day and hope I could come back in Trisquel soon.

davidnotcoulthard (non verificado)
davidnotcoulthard

If you're taking a look at using Debian Squeeze take a look at Gnewsense! (They haven't done a wheezy version yet for some reason)

a_slacker_here
Desconectado
Joined: 06/29/2013

Have you tried:

https://help.ubuntu.com/community/FullDiskEncryptionHowto

http://dailyanarchist.com/2012/02/20/full-disk-encryption-for-ubuntu-and-fedora/

http://www.linuxbsdos.com/2014/01/16/manual-full-disk-encryption-setup-guide-for-ubuntu-13-10-linux-mint-16/

You don't need to switch between those distributions because almost all of them use the same tools. Moreover, Trisquel and Ubuntu share the same root: Debian.

Svamiji
Desconectado
Joined: 11/13/2014

I try a last configuration before move on Debian (where encryption can be assist with the installer...)

davidnotcoulthard: thanks for precision !

a_slacker_here : yes I read about 40 tutorials or guide for encryption but no one explain better than this one https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
but it's for Arch distribution. I try to adapt this tutorial to Trisquel. Maybe it's ok now, I undestand a lot of LVM, LUKS and cryptsetup BUT it's very hard for a new GNU/Linux user to configure alone the system after installation.
I would a LVM configuration but don't know how to configure so I just make a simple encryption with LUKS and cryptsetup.

If I success to install, no doubt that I will make tutorial on Trisquel manual. "If"... ;)

Svamiji
Desconectado
Joined: 11/13/2014

Okay ! I post all my procedure if someone can resolve the problem but no way for me, too much difficult and it's fu***ng my mind.

In shell :
>> sudo su
>> apt-get update
>> apt-get crypsetup

With Gparted :
- sdb1 1GB ext2 (/boot)
- sda1 650GB xfs (/)

Shell again :
>> modprobe xts
>> modprobe aes-x86_64
>> modprobe dm-crypt
>> cryptsetup -y --cipher aes-xts-plain64 --key-size 512 luksFormat /dev/sda1
>> cryptsetup luksOpen /dev/sda1 crypto_root
>> mkfs.xfs /dev/mapper/crypto_root

Launch Trisquel's installation from livecd 6.0.1
Manual partitioning :
/ : /dev/mapper/crypto_root
/boot : /dev/sdb1
bootloader : /dev/sda

Then, when installation ends, in a shell again :
>> mkdir /mnt/root
>> mount /dev/mapper/crypto_root /mnt/root
>> mount /dev/ /mnt/root/dev -o bind
>> chroot /mnt/root mount /proc
>> chroot /mnt/root mount /sys
>> chroot /mnt/root
echo "root UUID=$(blkid | grep /dev/sda1 | cut -c18-53) none luks" >> /etc/crypttab
echo xts >> /etc/initramfs-tools/modules
echo aes-x86_64 >> /etc/initramfs-tools/modules
echo dm-crypt >> /etc/initramfs-tools/modules
>> apt-get update
>> apt-get install cryptsetup
>> mount /boot

>> update-initramfs -u
HERE THE ERROR : W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
So I write in shell :
>> apt-get install dmsetup mdadm (same message error : W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.)
>> apt-get update
>> apt-get install dmsetup mdadm

>> exit
>> umount /mnt/root/boot
>> umount /mnt/root/proc
>> umount /mnt/root/dev
>> umount /mnt/root/sys

(and didn't run this for swap like teodorescup says)
dd if=/dev/zero of=/1G.swap bs=10M count=102 && mkswap /1G.swap
echo "/1G.swap none swap sw 0 0" >> /etc/fstab
echo vm.swappiness=0 >> /etc/sysctl.conf

I joint the result of command >> cat /etc/mdadm/mdadm.conf

Please if someone knows where I made the error..
I will be in Debian since I can encrypt my hard disk on Trisquel (enterely and not just /home...).

Thanks in advance !

EDIT :
Precise that when I reboot (with USBstick where is /boot) I have this text error :

BusyBox v.18.5 (Ubuntu 1:1.18.5-1 ubuntu4.1) built-in shell (ash)
Enter "help" for a list of built-in commands

(Initramfs)

Screenshot from 2014-12-02 16:38:41.png
trisq

I am a member!

Desconectado
Joined: 09/03/2013

Are you trying to do a full disk encryption?

Use "Install Trisquel in text mode" when installing. It will guide you into making an encrypted LVM disk.

It is very similar to this: http://trisquel.info/en/wiki/full-disk-encryption-install

Takes 20-30 minutes.

Svamiji
Desconectado
Joined: 11/13/2014

Yes but I use free.fr connection where I need to login to use Internet. Don't know how to do... And want to learn how to configure it myself !
But may be the best option...
Possible to put /boot on USB ? And use text mode with an public connection where I need to login ?

Magic Banana

I am a member!

I am a translator!

Conectado
Joined: 07/24/2010

I do not think trisq is talking about a NetInstall. He is talking about choosing the text install from the "regular" ISO (entry to be chosen right after the boot). I now remember having seen this option too.

Svamiji
Desconectado
Joined: 11/13/2014

Internet connexion is necessary to perform "Install in text mode"...
I did an full encryption disk with this mode (found a stable connexion) but this also doesn't work.

Can't understand why. Is Trisquel encryption doesn't work on my laptop (Asus X301A)? I guess Debian encryption use the same modules...

I managed to make manual partitioning with :
- boot on USB /dev/sdb1
- swap on an encrypted space on /dev/mapper/crypto_swap (/dev/sda1)
- root on an encrypted space on /dev/mapper/crypto_root (/dev/sda2)

When I reboot (installation ends with no warning or problem), my password is asked and it works but after nothing happens... just open an console (TTY2).

davidnotcoulthard (non verificado)
davidnotcoulthard

I'm guessing there aren't any desktop shells (or even Xorg) installed (since getting to tty2 actually means something actually is happening)?

trisq

I am a member!

Desconectado
Joined: 09/03/2013

Yes, that is correct, the regular ISO. I've always had an internet connection so I do not know if an internet connection is "required" or just nice to have during an install.

I used this text install full disk encryption method on a desktop machine and on laptops without any problem. Can even change the filesystem used in the LVM during the install, kind of buried in there, but it works.

It almost sounds as if his overall desktop installation wasn't completed if a blank screen/terminal showed up instead of the usual GUI login screen?

Svamiji, during the install, near the end, where it asks which packages to install, did you include a desktop package? If not, you'd just get a blank terminal right after booting up. If you chose a desktop, you ought to get the GUI login screen and a regular graphical desktop environment.

Since you got past the initial disk unlocking at boot, it wouldn't be the full disk encryption that was wrong or bad.

Svamiji, perhaps you need to install a desktop? Maybe someone can provide the command line for the standard trisquel desktop? I don't know it right off.

ADFENO
Desconectado
Joined: 12/31/2012

06-12-2014 20:02:35 name at domain:
> Yes, that is correct, the regular ISO. I've always had an
internet
> connection so I do not know if an internet connection is
"required" or just
> nice to have during an install.
>
> I used this text install full disk encryption method on a
desktop machine
> and on laptops without any problem. Can even change the
filesystem used in
> the LVM during the install, kind of buried in there, but it
works.
>
> It almost sounds as if his overall desktop installation
wasn't completed if
> a blank screen/terminal showed up instead of the usual
GUI login screen?
>
> Svamiji, during the install, near the end, where it asks
which packages to
> install, did you include a desktop package? If not, you'd
just get a blank
> terminal right after booting up. If you chose a desktop,
you ought to get
> the GUI login screen and a regular graphical desktop
environment.
>
> Since you got past the initial disk unlocking at boot, it
wouldn't be the
> full disk encryption that was wrong or bad.
>
> Svamiji, perhaps you need to install a desktop? Maybe
someone can provide
> the command line for the standard trisquel desktop? I
don't know it right
> off.

You can use tasksel to select which desktop environment
you wanto to install, just type:

tasksel

And you should see a "graphical" tool which will ask you to
select the desired series of packages that you want to be
installed. But before continuing...

Enter: Apply (go, start installation).
Space: Select group for installation.
Arrows: Move arround.
TAB: Switch level of movement/selection to the next
element.
Shift + TAB: Opposite of TAB.

You'll probably want to select either Trisquel (for GNOME),
Triskel (for KDE) or Trisquel Mini (for a LXDE) desktop
environments. You shouldn't need more than one of these.

After the installation, just to make sure everything is fine,
restart your computer.

If everything went well, you should see the login screen (not
a terminal). If you still can't see the login screen, try both of
this:

sudo service gdm start

sudo service lightdm start

Best regards, ADFENO.
Have a nice day.

--
Assinatura automática – português brasileiro:
– Blogue: http://adfeno.wordpress.com/
– Favor não enviar-me documentos do Microsoft Office ou
Apple
iWork. Ao invés disso, envie documentos em
OpenDocument!
http://fsf.org/campaigns/opendocument/
– Se eu não te desejar um bom dia em meus e-mails, minhas
postagens, ou meus comentários; isto significa que estes
foram
enviados por terceiros.

Automatic signature – North American English:
– Blog: http://adfeno.wordpress.com/
– Please do not send me Microsoft Office or Apple iWork
documents. Instead, send OpenDocument documents!
http://fsf.org/campaigns/opendocument/
– If I don't wish you a nice day in my emails, my posts, or
my
comments; this means that these were sent by third parties.

davidnotcoulthard (non verificado)
davidnotcoulthard

About that Parabola un trusted site thing: It's normal.just install CACert's certificates!

Screenshot-Parabola GNU-Linux-libre - IceCat.png
Svamiji
Desconectado
Joined: 11/13/2014

Yep thanks !

Screenshot from 2014-12-02 17:05:39.png