I just performed a fresh Netinstall on a 32bits machine (it worked at last),
but this time without even a console environment (whatever that is).
I find myself in something called tty1.
I go for a "sudo apt-get update", which fails.
I ping some websites, no positive results.
I also tried while be
Yeah obviously I have everything at /.
You don't have sudo installed. Can you go root?
It seems I have sudo (at least it responds when accessing files with vi), but
my problem now is that I can't start X.
When I try i3, it tells me it cannot open display.
And I wonder if I need that "console environment" that is suggested at the
install phase. I wonder what it provides.
So if
sudo apt-get install trisquel-base
and "xorg" for using startx
For X you need these
xserver-xorg xserver-xorg-core xfonts-base xinit
When starting the system, it's recommended to bring the network
devices/interfaces up (these are the things that make your computer
connect to the Internet, get updates and download upgrades).
I know how to do so when using wired networks, but I don't know how to
do so with wireless networks.
Wit
Oh right, thanks, trisquel-base might be useful.
Just for the sake of it, I'll see what packages it's made of, and pick the
ones I really need.
Thanks, I was wondering which was the smallest install between your
suggestion (server and bitmap fonts) and this one: "sudo apt-get install
--no-install-recommends xorg".
There must be a way to display the dependencies/the package contents in the
CLI/tty.
Thanks! So that would be sudo ifconfig ethX up or sudo ifconfig "ethX" "up"?
I just copied the content of interfaces from my main machine
(without even checking the number of the eth interface, which would have
probably been a bit troublesome on another network)
auto ethX
iface ethX inet dhcp
apt-cache depends --no-recommends $PACKAGE
Nice, thanks! A bit more and I could live without Synaptics.
Either `sudo ifconfig ethX up` and/or `sudo ifconfig "ethX" "up"` are
the same.
I rarely venture into commands, but every dive I do gives me a bit more
knowledge on the subject. However, I haven't studied how dhclient works.
So far, I only know that it's needed for communication with the
Internet.
This is one weird but pleasing Netinstall (less stuff install by default):
- I have no GRUB displayed on startup (Synaptic shows some grub files, but
grub isn't installed)
- it takes very long between startup, and the tty login display. I suspect
it's my wlan config that's doing this (didn't h
I have GRUB_TIMEOUT set at 10,
and GRUB_HIDDEN_TIMEOUT set at 0 (zero).
Are you aware of the grub differences?
grub is "grub 1" i.e. version 1.97
config file /boot/grub/menu.lst
grub2 is "grub pc or grub 2" i.e. version 1.99
config file /boot/grub/grub.cfg created by rules in /etc/default/grub. The
latter file is what you're supposed to edit and then run update-gr
I see, so both are used at different stages of the boot process.
I commented the line containing the splash and quiet parameters, and now I
still have the delay, and no grub displayed.
All I have is a blinking cursor (a line) and I can write text if I want. But
nothing else happens.
I see, so both are used at different stages of the boot process. The way you
describe it, it sounds like a safely editable "alias" (probably not the right
word).
I commented the line containing the splash and quiet parameters, and now I
still have the delay, and no grub displayed.
All I h
I often do the netinstall on Debian systems so I can use Ratpoison or other
window managers alone. I don't tend to use WiFi as it is quite complicated
from the CLI. List devices that can connect to networks: sudo iwconfig
(sometimes devices don't identify themselves sanely, I've found this on
I commented the wlan related lines in /etc/network/interfaces
and made a reboot.
Still no grub, still having a delay.
Once booted, I tried your suggestion, and I'm still stuck at sudo dhclient.
after a minute or two, I still have no wifi up. I'll uncomment back my
interfaces file now.
Howev
These instructions only work for wired networks, which are relatively simple.
You will need to configure wpa_supplicant because there are many different
types of wireless networks. It's just a start before installing wicd or
similar, because you were complaining about no connection with eth0.
Ah, so that's the reason for the absence of those folders.
Thanks for the info.
Ok, so let's recap:
For eth0, I've written 2 lines in /etc/network/interfaces.
It seems I can also make it work with a few commands.
Now I'm installing wicd, thus I need to put the interfaces file back to what
it wa
/etc/network/interfaces was the culprit.
18 seconds from boot only now (still no grub displayed though).
I used ADFENO/root_vegetable method to get ethernet up.
I installed wicd.
Job done. No more plain wpa_supplicant if I can avoid it.
Thanks a lot for the help !
I'll write down all I need for
I'm in the process of reinstalling the whole thing with encryption, but I can
tell you this: seeing that grub wasn't displayed, I went in Synaptics and saw
that grub 'not grub-pc) wasn't installed. I installed it, but nothing
changed.
Also, the grub parameters are identical to the ones on my
Ok, I'm finishing my netinstall, and grub (grub2) refuses to install.
I choose to install it one the MBR (master boot record).
After trying to execute grub-install, I got this:
The execution of " grub-install /dev/sda " failed. This error is fatal.
Then I can either continue and try to install li
Read this,
https://trisquel.info/en/forum/netinstall-0
Trisquel netinstall has a bug. The device is misinterpreted. The installer
tries to install the bootloader on the USB stick. Remove the stick and try
again. The installer mistakenly thinks that /dev/sda is the removable media.
Many thanks, I'll read and try right now.
When installing the Grub boot loader, let if fail, remove the stick and try
again. It will let you try it multiple times as lpong as you don't cancel the
installation. You don't have to start all over, just try the boot loader
installation again as many times as needed to make it understand /
no luck :(
I did that many times, it still stays on /dev/sda
Then I tried to refuse the grub install on the MBR, which gave me the
possibility to choose /dev/sdb instead.
It properly launches on /dev/sdb, but still fails...
The stick being in or out doesn't change a thing for me, whether it's
It worked with me. I didn't break the flow, didn't step back -- just forcibly
removed the stick -- and tried again at the end of the installation at the
usual step where it prompts for the Grub loader.
yes, unfortunately I did just that.
I'll try this now maybe:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1414124
Noted, thank you.
I'm redoing the install quickly, and since grub-install didn't want to
install on either /dev/sda nor sdb, I'm seeing that my drive is sdXX_crypt.
I'll try that if it still fails.
Still, this is weird. I must be doing something wrong, since I could have
grub installed when the disk wasn't encrypted, with the full iso.
Even with the netinstall, though grub wasn't displayed, I could boot when the
disk wasn't encrypted.
Though all I do is follow the Libreboot method to a
The full ISO doesn't have the bug. The issue is only with the netinstall ISO.
yes, when the disk isn't encrypted. I just tried. I still can't make grub
install work. I tried all the methods I know of.
I think I'll stick with an unencrypted 32bits Trisquel install for now. At
least I know this worked.
Why don't you try with an unencrypted boot partition.
/boot
/root
/home
/swap
Do I really need all these?
I didn't read enough about partitioning, but it seems a separated boot
partition is only interesting if running several OS. Not sure about the root
partition though.
Anyway, I tried an assisted, minimal install from the full iso (which is
different from a real N
In my attempt to install grub over a Netinstall 'that fails to install grub,
at least when encrypted), I found that there was an expert-mode allowing to
manually install everything, just like on arch or Parabola.
THIS IS COOL! Best of both worlds (if we put aside the bleeding edge packages
following these tutorials
(https://stephentanner.com/restoring-grub-for-an-encrypted-lvm.html &
https://askubuntu.com/questions/541079/restore-boot-partition-from-running-ubuntu),
I though I had successfully installed grub on my encrypted netinstall.
but when I boot, I quickly get this promp
I've made progress, but problems don't end:
I've done the whole process again, updating grub for good measure. it told me
there was something wrong with the config: GRUB_TIMEOUT wasn't null (was at
10), which is not allowed anymore if GRUB_HIDDEN_TIMEOUT is defined.
So I've put it back to 0.
!!!I managed to boot in my 32bits encrypted Netinstall!!!
One thing left: despite running sudo update-grub when booted, every time I
reboot, I end up in Busybox again.
So I have to go once more in grub and type this:
set prefix=(lvm/volumeGroupName-logicalVolumeName)/boot/grub
set root=(lvm/vo
I suppose it is, since it's in the / partition.
So I need a dedicated unencrypted /boot partition in that case? How come?
I told you so.
My bad. I'll read what you said again then.
One funny sounding variation I've heard about is you can have the /boot on a
thumb drive. I believe that way the computer won't boot without it. No idea
how to do it though or whether it's super safe or anything.
"still, is there a point to keep /boot encrypted?"
An unencrypted boot partition opens the possibility for someone to be able to
install malicious software, since it can be read from and written to without
any problem. Perhaps they'll replace the kernel with a modified version
containing a
Thanks for the thorough explanation, much appreciated.
Thanks lembas, that's a great option.
Thanks jxself, now I know how to do it, and why I should (or not).
The way I roughly consider my threat model is this: even if there's no threat
involved, if it's easy/takes little time to setup, it's better to have it
than not.
This could be a good opti
Could you edit the fstab file to set /boot/ to be on a different drive?
Intel ME gives anyone physical access.
--
What if you go on holiday and an organised crime group targets you?
"Did you enjoy your holiday in Normandy?"
"Yeah, the food was great but someone stole my bitcoins not long after I got
back!"
Or a spook with personal vengence?
Or some nasty "script ki
I seriously think that activists could be at risk.
Perhaps it is just a matter of paperwork, then Intel hits the button to send
off some malware.
And the scary thing is no one can conclusively prove it has/hasn't happened.
We are living in the age of Orwell.
Browsing through my 2009 netbook, I see no AMT/ME parameters.
Sweet. With the encrypted /boot nearly working, even without Libreboot, it's
a rather secure computer.
AMT/ME's wiki page seems to say that only 2015 are concerned. But I might be
wrong. After all, the X200 is of 2008. I never had
> Browsing through my 2009 netbook, I see no AMT/ME parameters. Sweet
Browsing w00t, where? What parameters?
If it is an Intel cpu, you most certainly have it.
ME is present on all Intel desktop, mobile (laptop), and server systems since
mid 2006.
https://libreboot.org/faq/#intelme
> AMT/ME
Oh, right, I meant my BIOS settings.
I'm supposed to be able to able/disable AMT.
Yet there's no related option.
Unfortunately,
My netbook has a North bridge chipset is Intel 945GSE, which suIntelĀ® 82573E
Gigabit Ethernet Controllerpports AMT:
IntelĀ® Active Management Technology,2
when used wi
You should look around for an X60 laptop. They are dirt cheap and you can
flash Libreboot via software.
And you are also saving poor computers from that computer graveyard in
China...
I'm actually saving that old netbook from that same graveyard. Sure, there's
no Libreboot, and that's ok for what I plan to do with it.
And according to the data above, the AMT/ME is no threat on this machine
anyway. So there's no point in me getting an X60 right now.
But if I need another
SOLVED.
I'm now happily running an encrypted netinstall (with /boot encrypted)
without having to worry about AMT/ME, even if this machine isn't running
Libreboot.
What I did to finally be able to boot automatically:
I removed "quiet splash $vt_handoff" from the grub bot config ("c" when in
So you did a normal network installation, using the 'set up full disk
encryption with encrypted LVM' option in the text mode installer?
Then you booted it, changed stuff in /etc/default/grub, and now you can boot
with an encrypted /boot?
Yes (I downloaded a 32 bits Netinstall, to be exact).
But I've chosen to do a manual partitioning, following this guide
(https://libreboot.org/docs/gnulinux/encrypted_trisquel.html).
but since for some reason grub fails to install when I use disk encryption
(as if I'd need to decrypt the dri
Thanks, update-grub has worked.
However, do I need to set a GRUB password in order to use GRUB_CRYPTODISK=y
(or whatever it was)?
Or does it just use my LUKS password?
Actually it hasn't worked at all, when I start GRUB it gives a list of
installed operating systems and then when I select "Debian Stretch/Sid with
linux-image-xxx" it says error: device name required
loading linux-image-xxx
going back to device scanning Then it just loads the kernel as normal
All right, I think I have some better idea about the true nature of
GRUB_ENABLE_CRYPTDISK. According to the Arch Wiki: Boot partition
GRUB can be set to ask for a password to open a LUKS blockdevice in order to
read its configuration and load any initramfs and kernel from it. This option
tr
No, you don't need a GRUB password. If I'm not mistaken, a GRUB password is
meant to prevent unauthorized access to GRUB, nothing more.
No need for that. See my comments below this.
I know I have another command in GRUB_CMDLINE_LINUX:
GRUB_CMDLINE_LINUX="... cryptdevice=UUID=:lvm
root=/dev/mapper/MyStorage-rootvol ..."
Hopefully this will be enough.
Regarding partitioning, it's very standard:
I encrypted the whole thing, then I partitioned it as one / ext4 partition,
an
Yes, and it works!
Never mind the fooling around with root=UUID and all that.
All you need to do is add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
Run 'grub-mkconfig -o /boot/grub/grub.cfg' and 'grub-install /dev/sda' (or
whatever the drive is)
then comment out /boot in /etc/fstab and run #
Nice, I'm glad it worked :)
I wonder what the difference is between having those commands in
GRUB_CMDLINE_LINUX, and not having the commands but removing /boot from
fstab.
The weird thing is that I don't have a /boot entr in fstab, only
/dev/mapper/main and /dev/mapper/swap.
There is no need to install GRUB via chroot. You just do 'grub-mkconfig -o
/boot/grub/grub.cfg' and then 'grub-install /dev/sda' (or whatever the drive
is). I suspect that 'update-grub' would work but I did not try it.
Funny how Debian Unstable doesn't play up in this respect like
Trisquel/Ub
So that means you had no alert during the install that GRUB failed to
install?
Due to encryption (without it, GRUB get installed properly), I had to finish
Trisquel's installation without a bootloader.
So after booting, I only had a blank screen, no way to input anything. Maybe
GRUB was the
I basically did as follows during installation:
1. Delete all partitions on disk
2. Create 200 M primary partition, for /boot
3. Create logical partition with the rest of space on the disk, with option
"use as physical area for encryption" (or whatever the option is)
4. Select "configure encrypt
Oh, so you did LUKS over LVM then. I did the opposite.
I doubt mine is really safer (preventing access to the LVM partitions in the
first place); plus yours allows stretching partitions over several physical
disks. My LVM is set in stone instead, so to speak (But I don't need the
feature on
think about it
a installing grub to a cd
would not work.
you have to burn a whole image usually.
and the installer assumes it is probably not an expensive rewritable cd. so
it is assumed that installing grub to the cd would always fail.
I don't know how it's supposed to work.
So the image is burned to the CD.
Why, during the install, would it accept installing GRUB on my encrypted
drive more than if I use a USB stick instead?
Normally, a CD is recognized as some kind of drive I think.
So I see no reason for it to be different
73 matches
Mail list logo