Installing Debian onto USB flash media with everything encrypted.

Posted by DaveV on Sat 9 Jul 2005 at 22:14

This is a simple procedure for installing Debian GNU/Linux onto USB key flash media. It includes several configuration changes but tries to stay as close to a default Debian install as possible.

This is useful for administrators who need to carry sensitive information, or for people concerned about their privacy.


This was tested on Debian Sid and Knoppix 3.8 with the USB keys listed below.

Tested Media:

  1. Transcend Jetflash 256MB ( only the base debootstrap install plus a few select packages ).
  2. Apacer Handy Steno HT203 1GB ( very fast, recommended ).

Other reviews of USB Flash media:

  1. ArsTechnica USB 2.0 Hi-Speed Flash Drive Roundup - http://arstechnica.com/reviews/hardware/flash.ars/1
  2. ArsTechnica Son of USB 2.0 Hi-Speed Flash Drive Roundup - http://arstechnica.com/reviews/hardware/flash2005.ars/1

Note on Devices: All device names and mappings are shown as they were detected and used on my system. You will need to substitute the correct device as it is detected on your system.

KNOPPIX NOTE: When you see these notes, there are special steps necessary for installing from Knoppix.


Installation Procedure

1. Shred the drive

shred -n 1 -z -v /dev/sdd
(One pass to shred, one pass to zero)
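
An added example, not part of the original article: before shred or parted is pointed at a disk, a check like this one refuses to continue while the disk or one of its partitions is still mounted (a desktop may have auto-mounted the key). The function names and the sample mount table are constructed for illustration; on a live system the functions read /proc/mounts.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check to run
# before "shred" or "parted" touches a disk.  Sample data is constructed.

# mounted_parts DISK [MOUNTS_FILE]
# Print "device mountpoint" for DISK itself and each of its numbered
# partitions listed in MOUNTS_FILE (default /proc/mounts, "-" for stdin).
# Limits: a partition opened through device-mapper shows up under
# /dev/mapper, and some kernels list the root disk as /dev/root; neither
# is traced back to the disk here.
mounted_parts() {
    awk -v disk="$1" '
        # Field 1 is the device, field 2 the mount point.  Accept the disk
        # itself, or the disk name followed by nothing but digits, so that
        # /dev/sdd matches /dev/sdd1 but not /dev/sdda1.
        $1 == disk ||
        (index($1, disk) == 1 && substr($1, length(disk) + 1) ~ /^[0-9]+$/) {
            print $1, $2
        }' "${2:-/proc/mounts}"
}

# safe_to_wipe DISK [MOUNTS_FILE]
# Return 0 when nothing on DISK is mounted; otherwise list what is mounted
# on stderr and return 1.
safe_to_wipe() {
    _in_use=$(mounted_parts "$1" "${2:-/proc/mounts}")
    if [ -n "$_in_use" ]; then
        echo "refusing to wipe $1, still mounted:" >&2
        echo "$_in_use" >&2
        return 1
    fi
    return 0
}

# Constructed sample in /proc/mounts format: a USB key auto-mounted by the
# desktop as /dev/sdd1, next to the system disk and a backup disk.
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
/dev/sda1 /mnt/backup ext2 rw 0 0
/dev/sdd1 /media/usbdisk vfat rw,nosuid,nodev 0 0
EOF
}

# Demo on the sample: /dev/sdd is refused, /dev/sdb (nothing mounted) passes.
sample_mounts | safe_to_wipe /dev/sdd - || echo "unmount /dev/sdd first"
sample_mounts | safe_to_wipe /dev/sdb - && echo "/dev/sdb: nothing mounted"
```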

2. Create Partitions

We will create two partitions on the USB key, one for /boot and one for / (root). We do not create a swap partition because that would prematurely age the USB key. You may mount and use swap partitions from the local hard drives, as Knoppix does, but that is up to you.
parted /dev/sdd "mklabel msdos mkpart primary 0 14 mkpart primary 15 -0"

3. Shred rootfs

shred -n 1 -v /dev/sdd2
(No zeroing pass this time: a zero-filled partition is bad for an encrypted filesystem, because untouched areas stand out from the encrypted data.)

4. Load modules if necessary

modprobe dm-crypt
modprobe aes
KNOPPIX NOTE: We need to install a few packages.
apt-get update
apt-get install cryptsetup dmsetup libdevmapper1.01

5. Create mapped crypt device for root

cryptsetup -y create rootfs /dev/sdd2

6. Format filesystems:

Since we can't use journaling filesystems on flash media (premature aging again), we fall back to good old ext2.
mkfs.ext2 /dev/mapper/rootfs
mkfs.ext2 /dev/sdd1
sync ; sync

7. Apply disk labels

We do this so that we can identify our drive when we boot on various systems. Using a strict device mapping often breaks if other USB or flash devices are detected before ours. You may use any label that you like, but you will have to remember to update the initrd (file: /sbin/init).
e2label /dev/sdd1 PRIVDEB_BOOT

8. Make temporary mount points and mount

mkdir /mnt/buildroot/
mount /dev/mapper/rootfs /mnt/buildroot
mkdir /mnt/buildroot/boot
mount /dev/sdd1 /mnt/buildroot/boot

9. Install base files.

debootstrap --arch i386 sid /mnt/buildroot
Note: Installed size is about 160MB at this stage.
KNOPPIX NOTE: We need to copy a few extra devices over.
cp -ap /dev/ub[a-f]* /mnt/buildroot/dev/

10. Enter chroot jail to work on system.

chroot /mnt/buildroot/ /bin/su -

11. Build fstab and mount everything.

Create /etc/fstab file
# /etc/fstab: static file system information.
# <file system>     <mount point>  <type>  <options>                          <dump> <pass>
LABEL=PRIVDEB_BOOT  /boot          ext2    defaults,noatime                   0 2
/dev/mapper/rootfs  /              ext2    defaults,errors=remount-ro,noatime 0 1
proc                /proc          proc    defaults                           0 0
tmpfs               /etc/network/run tmpfs defaults,noatime                   0 0
tmpfs               /tmp           tmpfs   defaults,noatime                   0 0
tmpfs               /var/lock      tmpfs   defaults,noatime                   0 0
tmpfs               /var/log       tmpfs   defaults,noatime                   0 0
tmpfs               /var/run       tmpfs   defaults,noatime                   0 0
tmpfs               /var/tmp       tmpfs   defaults,noatime                   0 0
# Replace <username> with your user name and create the Scratch mount point first.
tmpfs               /home/<username>/Scratch tmpfs defaults,noatime               0 0

#Warning:  By mounting /var/log on tmpfs, logs will only be available for the current session.
Mount it all
mount -a

12. Build sources.list

Create /etc/apt/sources.list
deb http://mirrors.kernel.org/debian/ sid main non-free contrib
deb-src http://mirrors.kernel.org/debian/ sid main non-free contrib

deb http://ftp.uk.debian.org/debian-non-US/ sid non-US/main non-US/non-free non-US/contrib
deb-src http://ftp.uk.debian.org/debian-non-US/ sid non-US/main non-US/non-free non-US/contrib

# If you are using debian stable (woody) include the security updates.
# deb http://security.debian.org/ sid/updates main non-free contrib
Note: You can install and use apt-spy to test for the fastest downloading mirrors in your area.

13. System adjustments

blkid.tab: this file is cached as drives are scanned. Since the scan only takes a few seconds, you don't lose much by not caching or by setting the default cache to /dev/null. This file generates an error on boot if the cache file has different device mappings than are currently detected. By removing the cache and forcing a fresh scan every time, the error is eliminated.
rm -f /etc/blkid.tab*
ln -s /dev/null /etc/blkid.tab
mtab: This file is written a lot and may prematurely age parts of the flash media. The same information can simply be read from /proc directly.
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab
Set Hostname
vi /etc/hostname
Set /etc/hosts with localhost + hostname
vim /etc/hosts
127.0.0.1 localhost.localdomain localhost 

14. Install additional required packages

apt-get update
apt-get install cryptsetup dmsetup libdevmapper1.01
apt-get install discover1 libdiscover1
apt-get install module-init-tools equivs cramfsprogs
apt-get clean

15. Install custom mkinitrd script and equiv package

Create mkinitrd.dmcrypt-usb file in /usr/local/sbin
#!/bin/bash

# Filename:      mkinitrd.dmcrypt-usb
# Maintainer:    Dave Vehrs 

# Help
: << HELP_STEXT
Options:
    -c <dir>     Temporary directory to build image in.
    -k           Keep temporary directory used to build image.
    -l <label>   Use <label> to identify boot partition.
    -o <outfile> Write to <outfile>.
    -d,-m,-r     Included for fake support of default mkinitrd script
                 (anything passed to them is discarded).
                 
See http://www.saout.de/tikiwiki/tiki-index.php?page=USBFlashMedia for more info.
HELP_STEXT

function display_shelp {  
	echo; echo "Usage $0 [OPTION]...<-o outfile> [version]"
	sed --silent -e '/HELP_STEXT$/,/^HELP_STEXT/p' "$0" | sed -e '/HELP_STEXT/d'
} 

# Set defaults
BOOT_LABEL="PRIVDEB_BOOT"
CRAMFSDIR=/tmp/cramfs
keep_temp=0
unset VERSION

# Parse command line.
# if version + other options not specified, exit.
if [ $# -eq 0 ] ; then
    display_shelp
    exit 1
fi

while [ $# -ge 1 ] ; do
	case $1 in 
        -c  ) CRAMFSDIR=$2          ; shift ; shift ;;
        -d  ) dir_conf=$2           ; shift ; shift ;;
        -k  ) keep_temp=1           ; shift ;;
        -l  ) BOOT_LABEL=$2         ; shift ; shift ;;
        -m  ) cmd_mkinitrd=$2       ; shift ; shift ;;
        -o  ) outfile_name=$2       ; shift ; shift ;;
        -r  ) initrd_root=$2        ; shift ; shift ;;
		*   ) VERSION=$1            ; shift ;; 
	esac
done

# Exit if version not specified
if [ -z "$VERSION" ] ; then
    echo "Error: You need to specify a kernel version to build for."
    exit 1
else
    VERSION=${VERSION##*/}
fi

# Start build...
echo "Build directory tree."
install -d $CRAMFSDIR/{bin,dev/mapper,etc,proc,mnt,sbin}

echo "Copy binaries from /bin."
# Copy /bin binaries over and any required libraries.
files_bin="bash grep mount umount mkdir mknod sed sleep uname"
for file in $files_bin ; do 
    install /bin/$file $CRAMFSDIR/bin/$file
    for lib in $( ldd /bin/$file | awk '{print $3}' | grep -v fffe000 ) ; do
        install -d $CRAMFSDIR/${lib%/*}
        install $lib $CRAMFSDIR/$lib
    done
done

echo "Copy binaries from /usr/bin."
# Copy /usr/bin binaries over and any required libraries.
files_usrbin="find mawk"
for file in $files_usrbin ; do 
    install /usr/bin/$file $CRAMFSDIR/bin/$file
    for lib in $( ldd /usr/bin/$file | awk '{print $3}' | grep -v fffe000 ); do
        install -d $CRAMFSDIR/${lib%/*}
        install $lib $CRAMFSDIR/$lib
    done
done

echo "Copy binaries from /sbin."
# Copy /sbin binaries over and any required libraries.
files_sbin="cryptsetup e2label modprobe pivot_root"
for file in $files_sbin ; do 
    install /sbin/$file $CRAMFSDIR/sbin/$file
    for lib in $( ldd /sbin/$file | awk '{print $3}' | grep -v fffe000 ) ; do
        install -d $CRAMFSDIR/${lib%/*}
        install $lib $CRAMFSDIR/$lib
    done
done

# Add common links
ln -s bash $CRAMFSDIR/bin/sh
ln -s mawk $CRAMFSDIR/bin/awk

echo "Copy devices over."
# Copy devices over
cp -apL /dev/{console,hd,initrd,null,ram,scd,sd}* $CRAMFSDIR/dev/

echo "Copy modules over."
# Copy modules over
modules="aes-i586 dm-crypt sd_mod sr_mod ehci-hcd uhci-hcd ohci-hcd sl811-hcd usbhid usbkbd usb-storage vesafb fbcon ext2 unix"
for mod in $modules; do
  for ko in $( modprobe --set-version $VERSION --show-depends $mod | cut -b8- ) ; do
    install -d $CRAMFSDIR/${ko%/*}
    install $ko $CRAMFSDIR/$ko
  done
done

cp -apL /lib/modules/$VERSION/modules.* $CRAMFSDIR/lib/modules/$VERSION/

echo "Copy /etc files over."
# Copy required config files over
cp -apr /etc/modprobe.d $CRAMFSDIR/etc/
echo "Copy custom init over."
# Copy custom init file.  (see below)
cat <<EOF >$CRAMFSDIR/sbin/init
#!/bin/bash

# Filename:      /sbin/init
# Dependencies:  awk, bash, cryptsetup, e2label, find, grep, modprobe 
#                mount, pivot_root, sed, sleep and uname.
#                
# This file generated by mkinitrd.dmcrypt-usb by Dave Vehrs.
set -e

# Set vars
unset pass part_boot part_rootfs major minor label
dm_name="device-mapper"
dm_dir="mapper"
dir="/dev/\$dm_dir"
control="\$dir/control"
count=0

# Mount /proc
/bin/mount -n -t proc none /proc

# Mount /dev/mapper on tmpfs
/bin/mount -o rw -n -t tmpfs none /dev/mapper

# Modules to load
CORE_MODULES="unix ide-core scsi_mod sd_mod sr_mod mbcache ext2"
DISPLAY_MODULES="vesafb fbcon"
CRYPT_MODULES="aes-i586 dm-mod dm-crypt"
USB_MODULES="ehci-hcd ohci-hcd uhci-hcd sl811-hcd usbcore usbhid usbkbd usb-storage"

# Load Modules
if [ -e /lib/modules/\$(/bin/uname -r) ] ; then 
    echo "initrd: loading modules."
    for module in \$DISPLAY_MODULES \$CORE_MODULES \$CRYPT_MODULES \$USB_MODULES ; do
        /bin/find /lib/modules/\$(/bin/uname -r) -name \$module.ko -exec /sbin/modprobe \$module \;
    done
fi

# Test to be sure the procfs is mounted, if not exit. 
if [ ! -e /proc/devices ] ; then
    echo "initrd: procfs not found: please create \$control manually."
    exit 1
fi

major=\$(/bin/sed -n 's/^ *\\([0-9]\+\\) \+misc$/\1/p' /proc/devices)
minor=\$(/bin/sed -n "s/^ *\\([0-9]\+\\) \+\$dm_name\\\$/\1/p" /proc/misc)

# Test to be sure dm_mod loaded
if [ -z "\$major" -o -z "\$minor" ] ; then
    echo "initrd: \$dm_name kernel module not loaded: can't create \$control."
    exit 1
fi
 
# Create new control device.
echo "initrd: creating \$control character device with major:\$major minor:\$minor."
/bin/mknod --mode=600 \$control c \$major \$minor

# Sleep to let kernel finish loading.  15 seconds is enough on most systems.  
echo "initrd: sleeping for 15 seconds so kernel can finish detecting devices."
/bin/sleep 5
echo "initrd: sleeping for 10 more seconds..."
/bin/sleep 5
echo "initrd: sleeping for 5 more seconds..."
/bin/sleep 5
echo "initrd: awake...."

# Search for boot partition label.  When usb media is detected by the operating
# system seems to migrate a little depending on what port you connect to on the
# mainboard and what if any other devices are connected and where.  To
# compensate for that, we search for the label on our boot partition.
echo "initrd: searching for boot partition label."
for device in \$( /bin/grep sd[a-h]1 /proc/partitions | /bin/awk '{print \$4}' ) ; do
    label=\$( /sbin/e2label /dev/\$device 2>/dev/null )
    if [ ! -z "\$label" ] ; then
        if [ "\$label" == "$BOOT_LABEL" ] ; then
            part_boot="/dev/\$device"
        break
        fi
    fi        
done

# Exit if boot partition not found.
if [ -z "\$part_boot" ] ; then
    echo "initrd: error -- boot partition label not found (\$part_boot)."
    exit 1
fi

# Assign rootfs variable from boot (i.e. if boot is on /dev/sda1, this will
# set part_rootfs to /dev/sda2).
part_rootfs=\$( echo \$part_boot | /bin/sed -e 's/1/2/' )

# Unmount /proc
/bin/umount /proc

# Prompt for password
echo -en "\\nplease enter password for rootfs filesystem: "
read -s pass
echo -e

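# Attempt mounting.  A wrong password makes the mount fail, so switch off
# "set -e" here and let the retry loop below handle the failure.
set +e
echo "initrd: attempting to mount rootfs."
echo "\$pass" | /sbin/cryptsetup create rootfs \$part_rootfs
/bin/mount -r -n -t ext2 /dev/mapper/rootfs /mnt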

# Loop for bad password attempts
while [ \$? -ne 0  ] ; do
    # Remove old crypt mount.
    /sbin/cryptsetup remove rootfs
    
    # Test for max tries.
    if [ \$count -ge 5 ] ; then
        echo -e "\\ninitrd: too many bad guesses.  aborting."
        exit 1
    else
        count=\$(( \$count + 1 ))
    fi
    
    # Reprompt for password
    echo -e "\\ninitrd: error -- rootfs mount failed." 
    echo -n "please re-enter password: "
    read -s pass
    echo
    
    # Reattempt mounting
    echo "\$pass" | /sbin/cryptsetup create rootfs \$part_rootfs
    /bin/mount -r -n -t ext2 /dev/mapper/rootfs /mnt
done

unset pass

echo "initrd: rootfs successfully mounted."

# Now that the encrypted media is readable, shift the root to it and continue
# the boot cycle by running its init.
cd /mnt
/sbin/pivot_root . initrd
exec /usr/sbin/chroot . /sbin/init
EOF
chown root:root $CRAMFSDIR/sbin/init
chmod 755 $CRAMFSDIR/sbin/init

# make cramfs file
if [ -z "$outfile_name" ] ; then
    mkcramfs $CRAMFSDIR ./initrd-$VERSION.img
else
    mkcramfs $CRAMFSDIR $outfile_name
fi

# Cleanup
if [ $keep_temp -eq 0 ] ; then
    rm -rf $CRAMFSDIR
fi
Set permissions and links.
chown root:root /usr/local/sbin/mkinitrd.dmcrypt-usb
chmod 750 /usr/local/sbin/mkinitrd.dmcrypt-usb
ln -s /usr/local/sbin/mkinitrd.dmcrypt-usb /usr/sbin/mkinitrd
Next we need to install an equivs package to let the package system know that we installed this ourselves and that it should not install initrd-tools.
cd /tmp
equivs-control initrd-tools
Edit the generated template so that it looks like:
Section: misc
Priority: optional
Standards-Version: 
     
Package: initrd-tools
Build equivs package
equivs-build initrd-tools
Install the package
dpkg -i initrd-tools_1.0_all.deb
For more information about equivs, see the APT howto at: APT-Howto: Equivs
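
An added example, not the article's own script: the boot-partition search from the generated /sbin/init, written as standalone functions with an anchored device pattern, a rewrite of only the trailing partition number, and a refusal when the label is missing or appears on more than one partition (a check the original does not have). The function names, the sample partition table and the sample labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's script): a stricter version of the boot
# partition search done by the generated /sbin/init.  Sample data is
# constructed.

# first_partitions [PARTITIONS_FILE]
# Names of partition 1 on every sd* disk (default /proc/partitions, "-" for
# stdin).  The pattern is anchored, so sda1 and sdi1 match but sda10 does
# not; "grep sd[a-h]1" would accept sda10 and would skip sdi1.
first_partitions() {
    awk '$4 ~ /^sd[a-z]+1$/ { print $4 }' "${1:-/proc/partitions}"
}

# label_of DEVICE: the ext2 label, empty when the device has none.
label_of() {
    /sbin/e2label "$1" 2>/dev/null || true
}

# find_boot_part LABEL [PARTITIONS_FILE] [LOOKUP]
# Print the single partition carrying LABEL.  Fails when no partition, or
# more than one, carries it, instead of taking whichever was detected first.
# LOOKUP is the command used to read a label (default: label_of).
find_boot_part() {
    _want=$1
    _file=${2:-/proc/partitions}
    _lookup=${3:-label_of}
    _found=""
    _hits=0
    for _name in $(first_partitions "$_file"); do
        if [ "$("$_lookup" "/dev/$_name")" = "$_want" ]; then
            _found="/dev/$_name"
            _hits=$((_hits + 1))
        fi
    done
    [ "$_hits" -eq 1 ] || return 1
    echo "$_found"
}

# rootfs_for BOOT_PART
# Replace only the trailing partition number 1 with 2 (/dev/sdi1 becomes
# /dev/sdi2).  Anything that does not end in a lone "1" is rejected.
rootfs_for() {
    case $1 in
        *[!0-9]1) echo "${1%1}2" ;;
        *) return 1 ;;
    esac
}

# Constructed sample in /proc/partitions format: an internal disk with many
# partitions, and the USB key detected late as sdi.
sample_partitions() {
    cat <<'EOF'
major minor  #blocks  name

   8     0   78150744 sda
   8     1     104391 sda1
   8    10    5004688 sda10
   8   128    1000448 sdi
   8   129      14336 sdi1
   8   130     986112 sdi2
EOF
}

# Constructed labels standing in for e2label on the sample devices.
sample_label_of() {
    case $1 in
        /dev/sda1) echo "/boot" ;;
        /dev/sdi1) echo "PRIVDEB_BOOT" ;;
    esac
}

# Demo on the sample data.
boot=$(sample_partitions | find_boot_part PRIVDEB_BOOT - sample_label_of) &&
    echo "boot=$boot rootfs=$(rootfs_for "$boot")"
```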

16. Remove unwanted locales

Be very careful configuring and running localepurge. It is very easy to delete too many locales.
apt-get install localepurge
localepurge
apt-get clean
For more information about localepurge, see the APT howto at: APT-Howto: localepurge

17. Install kernel

WARNING: Kernels prior to 2.6.10 had a bug in the dm_crypt modules that potentially could reveal data. Only use 2.6.10 or better.
apt-get install kernel-image-2.6.11-1-686
apt-get clean
Note: Install size is approximately 184MB now. If you want to install a kernel built from source you can. After you install it, run /sbin/mkinitrd to build the /boot/initrd file. When you run /sbin/mkinitrd, it may print several FATAL errors regarding modules that it cannot find. If you built these modules into the kernel then you can ignore the error messages. If you omitted the modules, this is your warning to go build them as modules or into the kernel. Required modules: dm_crypt, aes, ide_core, scsi_mod, sd_mod, ehci-hcd, ohci-hcd, uhci-hcd, sl811-hcd, usb-storage, usb-hid, dm_mod, cramfs

18. Install optional packages

apt-get install vim irssi-text mutt fetchmail antiword screen
apt-get install exuberant-ctags less procmail
apt-get install python2.3 python2.3-pexpect python2.3-fuse
apt-get install xserver-common xserver-xfree86 xbase-clients xfree86-common
apt-get install ion3        # or blackbox, fluxbox or icewm
apt-get install xterm
apt-get install memtest86+
Note: All this is approximately 300MB installed (with dependencies).

19. Install grub

apt-get install grub
grub-install /dev/sdd
mkdir /boot/grub
grub
 root (hd1,0)
 setup (hd1)
 quit
Create /boot/grub/menu.lst file
# default num
default         0

# timeout sec
timeout         5

# pretty colours
color green/black black/green

title   Debian GNU/Linux-2.6.11-1-686
root    (hd0,0)
kernel  /vmlinuz-2.6.11-1-686 root=/dev/ram0 init=/sbin/init vga=794
initrd  /initrd.img-2.6.11-1-686
savedefault
boot

title   Debian GNU/Linux-2.6.11-1-686 (Rescue/Single)
root    (hd0,0)
kernel  /vmlinuz-2.6.11-1-686 root=/dev/ram0 init=/sbin/init single
initrd  /initrd.img-2.6.11-1-686
boot
        
title   Memtest86+
root    (hd0,0)
kernel  /memtest86+.bin
boot

20. Add User accounts

Either:

Copy an existing /etc/group, /etc/passwd, and /etc/shadow file over from another system (this has to be done from outside the chroot directory).

Or:

Add users locally.

  1. set root password
    passwd root
    
  2. add local user
    useradd <username>
    passwd <username>
    
  3. repeat step 2 as necessary

21. Exit Jail

umount -a
umount /proc
exit

22. Unmount and remove crypt mapping

cd
umount /mnt/buildroot/
cryptsetup remove rootfs

23. Reboot to test media

shutdown -r now

MOUNTING ON ANOTHER LINUX SYSTEM

1. Make sure required modules are loaded.

modprobe dm_crypt
modprobe aes-i586  (or aes)
modprobe usb-storage

2. Insert USB key into port

3. Create device mapping and mount

cryptsetup create rootfs /dev/sdd2
mount /dev/mapper/rootfs /mnt/buildroot

 

 


Posted by Anonymous (193.124.xx.xx) on Sat 23 Jul 2005 at 11:26
Really cool article. Great respect to the author.

Posted by DaveV (24.8.xx.xx) on Wed 27 Jul 2005 at 03:51
Yes, feed the ego....but on a serious note, thank you.

Posted by DaveV (24.8.xx.xx) on Wed 27 Jul 2005 at 03:38
Debian stopped using the non-US sources for SID so we can simplify the sources.list file to be:
deb http://mirrors.kernel.org/debian/ sid main non-free contrib
deb-src http://mirrors.kernel.org/debian/ sid main non-free contrib

# If you are using debian stable (woody) include the security updates.
# deb http://security.debian.org/ sid/updates main non-free contrib

Posted by Anonymous (199.209.xx.xx) on Wed 3 Aug 2005 at 21:10
Hi,
I'm a newbie and I have a question about how you determine what the device name is for the USB flash media. I have Debian 3.1 loaded, and when I insert my USB flash media, the system recognizes it and mounts it. However, the properties show it to be in /media/"volume name". I have no idea what name it is associated with under /dev/.

TIA,
Jon

Posted by DaveV (24.8.xx.xx) on Wed 3 Aug 2005 at 23:51
Run the mount command and the output will tell you what is mounted where.

For example:
$ mount
/dev/sda2 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
/dev/sda1 on /boot type ext2 (rw)

Posted by Anonymous (199.209.xx.xx) on Thu 4 Aug 2005 at 13:30
Thanks Dave,
That is exactly what I needed ;-)

Posted by Anonymous (199.209.xx.xx) on Thu 4 Aug 2005 at 18:52
Dave,
I have run into a problem with this at Step 5. When I enter "cryptsetup -y create rootfs /dev/sdb2", I get prompted for a passphrase. I enter one and get prompted to retype it, which I do. At this point, I get the error: "command failed: invalid argument"

Do you happen to know what might cause this?

Posted by DaveV (24.8.xx.xx) on Thu 4 Aug 2005 at 20:44
I've seen reports of that with more recent versions of libdevmapper1.01. What version do you have installed?

Also, what versions of dmsetup and cryptsetup?

Also, what platform are you running on, AMD64 or i386? I generally use AMD64 but I can open a 32bit jail for some testing....

Posted by Anonymous (199.209.xx.xx) on Thu 4 Aug 2005 at 21:26
Dave,
I have the following:
libdevmapper=2:1.01.00-4 (that's how synaptic shows it)
dmsetup=2:1.01.00-4
cryptsetup=20050111-3

I am running on i386

Thanks

Posted by DaveV (24.8.xx.xx) on Fri 5 Aug 2005 at 16:32
First, do you have libdevmapper or libdevmapper1.01 installed? If it's libdevmapper, uninstall it and install libdevmapper1.01.

Second, I think your dmsetup is a couple versions behind current and a quick apt-get update/upgrade should fix that.

(I have version 1.01.03-1 for dmsetup and libdevmapper1.01)

Posted by DaveV (24.8.xx.xx) on Sat 6 Aug 2005 at 03:42
Ok, after further research it appears that something big is broken. I'm getting a variety of errors on both my amd64 and i386 test boxes.

The only versions I have that still mount are all a couple of months out of updates so I'll try and work backwards from them to see what changed.

Posted by DaveV (24.8.xx.xx) on Sat 6 Aug 2005 at 06:17

OK, rebuilding libdevmapper1.01 and dmsetup from the source package fixed my problems.

Easiest/fastest way to rebuild it is with apt-src.

First, install apt-src if you need to and remove prebuilt versions of libdevmapper1.01, dmsetup:

apt-get install apt-src
apt-get remove libdevmapper1.01 dmsetup

Note: cryptsetup will get removed as well because it depends on libdevmapper1.01 and dmsetup.

Second, create a directory to store source files in and use apt-src to download/install the necessary files:

cd $HOME
mkdir SRC
apt-src install libdevmapper1.01

Third, build the packages:

apt-src build libdevmapper1.01 dmsetup

Fourth, install the packages:

dpkg -i libdevmapper1.01*.deb libdevmapper-dev*.deb dmsetup*.deb

Fifth, put cryptsetup back:

apt-get install cryptsetup

Note: Until the binary distribution of libdevmapper1.01 and dmsetup is fixed, you will also need to run apt-src update/upgrade when you do regular system updates with apt-get update/upgrade.

Posted by DaveV (24.8.xx.xx) on Sat 6 Aug 2005 at 06:29

Small correction.

Change into the SRC directory after you create it, as apt-src will create quite a few directories and files.

cd $HOME
mkdir SRC
cd SRC
apt-src install libdevmapper1.01

....

Posted by Anonymous (199.209.xx.xx) on Tue 9 Aug 2005 at 18:42
Dave,
Sorry about the delay in getting back to you (I hosed my kernel trying to get sound support working and had to rebuild). Anyway, everything appears to be fine now until I get to step 9. I execute "debootstrap --arch i386 sid /mnt/buildroot" and the system goes out and downloads a lot of files but it errors out with: "Couldn't download libsigc++-1.2-5c102" and then I get kicked back to a prompt.

Jon

Posted by DaveV (24.8.xx.xx) on Tue 9 Aug 2005 at 19:42
Jon,

Yeah, debootstrap can be a little finicky sometimes. However, the good news is you can just run it again as many times as necessary until you get the successful install message.

If it's a download issue then generally a second run is all that's necessary.

Or if it's a problem with the mirror's update status, try a different mirror or wait a day then try again.

Posted by irishjd (199.209.xx.xx) on Wed 10 Aug 2005 at 17:19
Dave,
I tried multiple downloads and multiple mirrors, but debootstrap keeps failing at: "Couldn't download libsigc++-1.2-5c102". Do you happen to know of a mirror that you know works?

Thanks,
Jon

Posted by Anonymous (134.96.xx.xx) on Fri 12 Aug 2005 at 11:55
Ok...

I had the same problem when trying to install to a loop device

try

--exclude=libsigc++-1.2-5c102

to exclude the file from the bootstrap. It can later be added :)

Posted by Anonymous (86.8.xx.xx) on Sun 28 Aug 2005 at 21:18
Hello! Yes, great work! I had on my mind to do something like this for quite some time and today I came across this page! Because I could not download libsigc++-1.2-5c102 I used sarge instead of sid... maybe I shouldn't... At the end of debootstrap I got:
I: Extracting libstdc++5...
ar: /mnt/buildroot//var/cache/apt/archives/dpkg_1.10.28_i386.deb /var/cache/apt/archives/dpkg_1.13.11_i386.deb: No such file or directory
zcat: stdin: unexpected end of file
I: Installing core packages...
ln: `/mnt/buildroot/usr/bin/awk': File exists
umount: /mnt/buildroot/dev/pts: not mounted
umount: /mnt/buildroot/dev/shm: not mounted
umount: /mnt/buildroot/proc/bus/usb: not mounted
Then on chroot I just can't su:
Portatil:/mnt/buildroot# chroot /mnt/buildroot/ /bin/su -
Sorry.
Portatil:/mnt/buildroot# chroot /mnt/buildroot/
I have no name!@Portatil:/# su
Sorry.
Then on step 11:
I have no name!@Portatil:/# pico /etc/fstab
bash: pico: command not found
I have no name!@Portatil:/# nano /etc/fstab
bash: nano: command not found
I have no name!@Portatil:/# vi /etc/fstab
bash: vi: command not found
OK, so I used my own environment to create the /mnt/buildroot/etc/fstab entry, but when on chroot I used the mount -a:
I have no name!@Portatil:/# mount -a
warning: can't open /etc/mtab: No such file or directory
mount: special device LABEL=PRIVDEB_BOOT does not exist
mount: mount point /etc/network/run does not exist
mount: mount point /home//Scratch does not exist
On step 12 I used again my own environment and I copied my own sources.list (for debian sarge). And on step 13 on the /etc/hosts and /etc/hostname I have also used my own environment... Now the big problem is step 14:
I have no name!@Portatil:/# apt-get update
bash: apt-get: command not found
I have no name!@Portatil:/# aptitude
Please, I would like some help... Should I erase everything and use debootstrap sid with --exclude=libsigc++-1.2-5c102? Thanks in advance,
Tiago Geada

Posted by DaveV (24.8.xx.xx) on Sun 28 Aug 2005 at 22:08

Almost all of the errors after su failed are related to the fact that your new chroot environment is not set up properly. For example, the applications can't be found cause the PATH variable is not set.

For the mount error, if you created the link from /etc/mtab to /proc/mounts, then the error is that /proc probably isn't mounted yet. Try this:

mount -t proc none /proc
mount -a

However, having said all that, I believe that the root problem is that debootstrap error. While it's probably fixable, the quickest solution is to just erase everything and start over with either sarge or sid.

Posted by cusco (86.8.xx.xx) on Mon 29 Aug 2005 at 00:32
ok now everything went good until installing the kernel

As I have chosen sarge instead of sid I would have to install kernel-image-2.6.8-2-686 instead (like not caring about the bug that could reveal data). Although I get the following output:

---
Portatil:/tmp# apt-get install kernel-image-2.6.8-2-686
Reading Package Lists... Done
Building Dependency Tree... Done
kernel-image-2.6.8-2-686 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up kernel-image-2.6.8-2-686 (2.6.8-16) ...
Build directory tree.
Copy binaries from /bin.
Copy binaries from /usr/bin.
Copy binaries from /sbin.
Copy devices over.
Copy modules over.
FATAL: Module sl811_hcd not found.
Copy /etc files over.
Copy custom init over.
/usr/sbin/mkinitrd: line 120: /tmp/cramfs/sbin/init: No such file or directory
mount: proc already mounted
Failed to create initrd image.
dpkg: error processing kernel-image-2.6.8-2-686 (--configure):
subprocess post-installation script returned error exit status 9
Errors were encountered while processing:
kernel-image-2.6.8-2-686
E: Sub-process /usr/bin/dpkg returned an error code (1)
---

So I'm stuck here... should I go back through all the process again and choose sid instead??

Posted by DaveV (24.8.xx.xx) on Mon 29 Aug 2005 at 01:12

It should still work. Let me look into it.

Off of the top of my head the problem is in step 15, maybe you can retry from there. (no need to erase it all)

Ignore the "FATAL: Module sl811_hcd not found.", that's only a problem if that's your USB controller chipset which obviously isn't a problem for you because you're already accessing usb devices.

Posted by cusco (86.8.xx.xx) on Tue 30 Aug 2005 at 00:55
I don't know why or how but I can't install the kernel

I don't understand anything about the initrd...

-----

Get:1 http://mirrors.kernel.org sarge/main
kernel-image-2.6.8-2-686 2.6.8-16 [15.5MB]
Fetched 15.5MB in 1m19s (196kB/s)
Selecting previously deselected package
kernel-image-2.6.8-2-686.
(Reading database ... 10083 files and directories currently installed.)
Unpacking kernel-image-2.6.8-2-686 (from .../kernel-image-2.6.8-2-686_2.6.8-16_i386.deb) ...

You are attempting to install an initrd kernel image (version 2.6.8-2-686)
This will not work unless you have configured your boot loader to use initrd. (An initrd image is a kernel image that expects to use an INITial Ram Disk to mount a minimal root file system into RAM and use that for booting).

As a reminder, in order to configure LILO, you need
to add an 'initrd=/initrd.img' to the image=/vmlinuz
stanza of your /etc/lilo.conf

I repeat, You need to configure your boot loader -- please read your
bootloader documentation for details on how to add initrd images.

If you have already done so, and you wish to get rid of this message,
please put
"do_initrd = Yes"
in /etc/kernel-img.conf. Note that this is optional, but if you do not,
you will continue to see this message whenever you install a kernel
image using initrd.
Do you want to stop now? [Y/n]n
Setting up kernel-image-2.6.8-2-686 (2.6.8-16) ...
Build directory tree.
Copy binaries from /bin.
Copy binaries from /usr/bin.
Copy binaries from /sbin.
Copy devices over.
cp: cannot stat `/dev/hd*': No such file or directory
cp: cannot stat `/dev/initrd*': No such file or directory
cp: cannot stat `/dev/scd*': No such file or directory
cp: cannot stat `/dev/sd*': No such file or directory
Copy modules over.
FATAL: Module sl811_hcd not found.
Copy /etc files over.
Copy custom init over.
/usr/sbin/mkinitrd: line 120: /tmp/cramfs/sbin/init: No such file or directory
mount: mount point /dev/mapper does not exist
Failed to create initrd image.
dpkg: error processing kernel-image-2.6.8-2-686 (--configure):
subprocess post-installation script returned error exit status 9
Errors were encountered while processing:
kernel-image-2.6.8-2-686
localepurge: Disk space freed in /usr/share/locale: 25116K
E: Sub-process /usr/bin/dpkg returned an error code (1)

---------

Posted by DaveV (24.8.xx.xx) on Tue 30 Aug 2005 at 06:32

Ok, I dunno why sarge isn't working, but I've done most of my testing with sid and it works like clockwork. Try it.

Posted by DaveV (24.8.xx.xx) on Thu 15 Sep 2005 at 02:29

Looks like I may have discovered the bug that was causing this to fail for you. Sorry I didn't catch it sooner.

See post http://www.debian-administration.org/articles/179#comment_28

Posted by DaveV (24.8.xx.xx) on Mon 29 Aug 2005 at 01:42

Just out of curiosity, what brands and sizes of usb media have people been using? Any recommendations or warnings?

Posted by cusco (86.8.xx.xx) on Mon 29 Aug 2005 at 20:33
Hi! I suppose the problem could be on step 15, yes. I'll try to look into it later on today...


I have a CRUZER mini 1.0GB
It works pretty good, never had problems with it.

I also have an iomega pendrive - 256MB. As I offered the iomega to my brother I can't say much about it but I know this far: He lost quite some files on it when suddenly windows would not recognise it as a formatted drive.. lol

I used cfdisk util to fix it. I saw him write some files to it and next day windows would not recognise it again, couldn't even format it... I used cfdisk again... and never heard about it again..
I have the cruzer for about 1 year now and the iomega since christmas...

Don't use iomega usb sticks :P

[ Parent | Reply to this comment ]

Posted by Anonymous (61.88.xx.xx) on Thu 15 Sep 2005 at 01:06
Hmm, at stage11 I get:

mount: special device LABEL=PRIVDEB_BOOT does not exist
mount: mount point /home//Scratch does not exist

when I 'mount -a'. What have I missed? I'm giving this a go with Ubuntu Breezy BTW (I can actually go on until the grub install so I'm pretty close in general).

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Thu 15 Sep 2005 at 02:04

First for the boot label, did you skip step #7?

7. Apply disk labels

We do this so that we can identify our drive when we boot on various systems. Using a strict device mapping often breaks if other usb or flash devices are detected before ours. You may use any label that you like, but you will have to remember to update the initrd (file: /sbin/init)

e2label /dev/sdd1 PRIVDEB_BOOT


And for /home//Scratch, that's an error in the howto that needs to be corrected. In the fstab file, the last line should read:

tmpfs               /home/<username>/Scratch tmpfs defaults,noatime               0 0
And all you need to do is replace <username> with your username and create the Scratch mount point ( mkdir /home/<username>/Scratch ).

[ Parent | Reply to this comment ]

Posted by Anonymous (203.217.xx.xx) on Thu 15 Sep 2005 at 09:17
I didn't skip step #7 - I understand why this is done and it's the first thing I checked. (as soon as it's done it's automounted as /media/PRIVDEB_BOOT). It seems the device node doesn't exist after the chroot so the label can't be found. Perhaps things work a little differently in Ubuntu. Would copying the /dev/sd* nodes before the chroot help? I guess it can't hurt to try and it's really only required during the install, right?

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Thu 15 Sep 2005 at 14:41

During the install it's sometimes necessary to force /proc to mount first, try:

mount -t proc none /proc
mount -a

And if that doesn't work, you can also force the mounting of the /boot partition during the install chroot by just mounting its device directly. The debootstrap step should have already created the device files you need so you shouldn't have to copy them.

[ Parent | Reply to this comment ]

Posted by cinderbdt (24.10.xx.xx) on Sun 18 Sep 2005 at 21:51
I also had these errors, though I did not skip step 7. The Scratch error has now gone away, but
mount: special device LABEL=PRIVDEB_BOOT does not exist
is still happening. I'm confused about why, since the /etc/fstab is exactly as written in this article. I've made it on to step 14, but when I attempt apt-get,
apt-get: error while loading shared libraries: libgcc_s.so.1: cannot open shared object file: No such file or directory
debootstrap finished successfully, but I am not able to find libgcc in my chroot environment. How can I add it, if apt-get isn't working? Thanks.

[ Parent | Reply to this comment ]

Posted by cinderbdt (24.10.xx.xx) on Sun 18 Sep 2005 at 22:04
I was able to use the Debian package list to find a URL, and wget was installed. So I did this:
wget http://mirrors.kernel.org/debian/pool/main/g/gcc-4.0/libgcc1_4.0.1-7_i386.deb -O libgcc1_4.0.1-7_i386.deb
dpkg --install libgcc1_4.0.1-7_i386.deb
Then I was able to do apt-get update and continue with step 14. So I am now only wondering about the mount -a issue.

[ Parent | Reply to this comment ]

Posted by Anonymous (24.10.xx.xx) on Mon 19 Sep 2005 at 00:48
It turns out that I did not have /dev/sdc* in the chroot /dev location (my usb key was being detected as /dev/sdc). Outside the jail, I used:
cp -ap /dev/sdc* /mnt/buildroot/dev/

Then, when I went back inside the jail, mount -a did not complain.

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Thu 15 Sep 2005 at 02:26

OK, it looks like a small bug in the HTML parser/generator for this website caused a couple errors in the text that I did not catch before tonight.

The error is that to input < and > symbols you need to use the < and > representations. However if you preview the text, it changes them to the <> symbols in the preview and in the text you input. If you don't catch it every time you preview the document then the error is there.

Now, the errors I've found so far are all in the mkinitrd.dmcrypt-usb script.

The first is in the Help text here document, it currently reads:

# Help
: << HELP_STEXT
Options:
    -c           Temporary directory to build image in.
    -k           Keep temporary directory used to build image.
    -l    Use  to indenify boot partition.
    -o  Write to outfie
    -d,-m,-r     Included for fake support of default mkinitrd script
                 (anything passed to them is discarded).
                 
See http://www.saout.de/tikiwiki/tiki-index.php?page=USBFlashMedia for more info.
HELP_STEXT

It should read:

# Help
: << HELP_STEXT
Options:
    -c           Temporary directory to build image in.
    -k           Keep temporary directory used to build image.
    -l  <label>   Use  to indenify boot partition.
    -o  <outfile> Write to outfie
    -d,-m,-r     Included for fake support of default mkinitrd script
                 (anything passed to them is discarded).
                 
See http://www.saout.de/tikiwiki/tiki-index.php?page=USBFlashMedia for more info.
HELP_STEXT

The next error is on line 148, and currently reads:

echo "Copy custom init over."
# Copy custom init file.  (see below)
cat <$CRAMFSDIR/sbin/init

It should read:

echo "Copy custom init over."
# Copy custom init file.  (see below)
cat <<EOF >$CRAMFSDIR/sbin/init

That's all I've found so far but I will post more fixes as I find them.

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Thu 15 Sep 2005 at 02:36

And there it changed them when I didn't want it to.

What I meant to say is the bug is caused by using < and > around words in the text. The browser assumes it's html and they get hidden from view.

So after every preview you have to change < and > back to & lt; and & gt; (spaces added so they don't get processed) in the text input window.

[ Parent | Reply to this comment ]

Posted by Anonymous (192.100.xx.xx) on Wed 28 Sep 2005 at 15:03
I get everything mostly ok during the installation, except that when running grub-install /dev/sda it says that the device is not on the BIOS.

It seems ok since i manage to get to grub.

However, while booting it reaches when RAMDISK is mounted, and cramfs is read and mounted as root. At that point, it says it cannot find /sbin/init and dies there.

Any ideas?

I am using current sid with 2.6.12-1-686 kernel. If more information is needed, i can post it here or by mail: mooch (a) debian ! org

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Wed 28 Sep 2005 at 18:23

Did you make the corrections to mkinitrd.dmcrypt-usb as detailed in: http://www.debian-administration.org/articles/179#comment_28 ?

[ Parent | Reply to this comment ]

Posted by Anonymous (80.186.xx.xx) on Thu 29 Sep 2005 at 08:08
There is no such page:

404
The page you were looking for could not be found.

[ Parent | Reply to this comment ]

Posted by Anonymous (80.186.xx.xx) on Thu 29 Sep 2005 at 08:10
Oops!

Sorry, too fast following the link instead of reading. ;)

Yes, I did, and it does not seem to help in any way.

[ Parent | Reply to this comment ]

Posted by Anonymous (213.219.xx.xx) on Thu 29 Sep 2005 at 10:48

It seems to be a problem with using ldd to find the libraries to copy over to the initrd image. The output of the new version of ldd is different and ld-linux.so.2 is not copied to the image.

Modify the mkinitrd.dmcrypt-usb:

...
# Copy /bin binaries over and any required libraries.
files_bin="bash grep mount umount mkdir mknod sed sleep uname"
for file in $files_bin ; do
    install /bin/$file $CRAMFSDIR/bin/$file
    for lib in $( ldd /bin/$file | awk '{print $3}' | grep -v fffe000 ) ; do
        install -d $CRAMFSDIR/${lib%/*}
        install $lib $CRAMFSDIR/$lib
    done
done

# copy ld-linux by hand because it is not matched in the
# previous for loop with newer version of ldd
install /lib/ld-linux.so.2 $CRAMFSDIR/lib
...

I can be reached at dam-at-cosinux-dot-org

[ Parent | Reply to this comment ]
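The ldd parsing problem described in the comment above, as an added example that is not part of the thread or of mkinitrd.dmcrypt-usb: `page_pipeline` repeats the field-3 extraction from the posted loop, while `ldd_paths` accepts both output shapes so the loader is not dropped, and `missing_in_image` checks an image tree before it is packed. The sample ldd outputs are constructed and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the sample ldd
# outputs below are constructed for illustration.

# Constructed sample: older ldd output, loader printed with "=>".
sample_old_ldd() {
cat <<'EOF'
    libncurses.so.5 => /lib/libncurses.so.5 (0xb7f8e000)
    libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f8a000)
    libc.so.6 => /lib/tls/libc.so.6 (0xb7e55000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
EOF
}

# Constructed sample: newer ldd output, loader printed without "=>".
sample_new_ldd() {
cat <<'EOF'
    linux-gate.so.1 =>  (0xffffe000)
    libncurses.so.5 => /lib/libncurses.so.5 (0xb7f2d000)
    libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f29000)
    libc.so.6 => /lib/tls/libc.so.6 (0xb7df1000)
    /lib/ld-linux.so.2 (0xb7f7b000)
EOF
}

# The extraction used in the posted loop: always take field 3.
page_pipeline() {
    awk '{print $3}' | grep -v fffe000
}

# Read ldd output on stdin, print each on-disk path once.
#   name => /path (addr)   -> field 3
#   /path (addr)           -> field 1 (the dynamic loader)
#   name =>  (addr)        -> kernel-provided object, no file to copy
#   name => not found      -> reported on stderr, non-zero exit status
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" {
            print "missing library: " $1 | "cat 1>&2"; bad = 1; next
        }
        $2 == "=>" && $3 ~ /^\// { if (!seen[$3]++) print $3; next }
        $1 ~ /^\//               { if (!seen[$1]++) print $1 }
        END { exit bad + 0 }
    '
}

# Read paths on stdin, print those absent under image root $1.
# Returns non-zero if anything is missing.
missing_in_image() {
    mi_status=0
    while read -r mi_path; do
        [ -e "$1$mi_path" ] || { echo "$mi_path"; mi_status=1; }
    done
    return $mi_status
}

# Install binary $1 and everything ldd lists for it under image root $2.
# Library paths are assumed to contain no whitespace.
copy_with_libs() {
    cwl_libs=$(ldd "$1" | ldd_paths) || return 1
    install -D "$1" "$2$1" || return 1
    for cwl_lib in $cwl_libs; do
        install -D "$cwl_lib" "$2$cwl_lib" || return 1
    done
}

# Demo on the constructed newer-format sample.
echo "field-3 extraction:"; sample_new_ldd | page_pipeline
echo "ldd_paths:";          sample_new_ldd | ldd_paths
```

Running `ldd /sbin/init | ldd_paths | missing_in_image "$CRAMFSDIR"` before the image is built lists any library or loader that would leave the kernel unable to start init.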

Posted by Anonymous (192.100.xx.xx) on Thu 29 Sep 2005 at 14:26
Also, I had to copy the /dev/tty* files or otherwise it would not open the login tty.

Now it is working. Thanks!

[ Parent | Reply to this comment ]

Posted by Anonymous (213.86.xx.xx) on Fri 30 Sep 2005 at 17:00
Good article. Has anyone had an issue with initrd kernel panic due to 'No init found'. initrd troubleshooting is not my forte...

[ Parent | Reply to this comment ]

Posted by Anonymous (212.201.xx.xx) on Wed 5 Oct 2005 at 21:34
I have the same problem. The kernel mounts the cramfs readonly, frees
unused kernel memory and then fails to find /sbin/init. :-(

[ Parent | Reply to this comment ]

Posted by Anonymous (213.86.xx.xx) on Thu 6 Oct 2005 at 11:19
I seem to have resolved this through whacking the initrd images and rerunning the mkinitrd script. So now I get as far as mounting the rootfs before I get the following:

initrd: attempting to mount rootfs.
Command failed: Block device required
Kernel panic: Attempted to kill init!

Mounting it on my local machine gives the following nugget from dmesg when
I try and mount /dev/mapper/rootfs:

cramfs: wrong magic

Has anyone seen/solved this?

[ Parent | Reply to this comment ]

Posted by Anonymous (213.86.xx.xx) on Thu 6 Oct 2005 at 12:09
And the wrong magic was my fault. I forgot to mkfs.ext2 /dev/mapper/rootfs after re-organizing the partitions on my key. However, the issue with the rootfs mount failing remains. It works fine on my regular debian box but fails during initrd.

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Thu 6 Oct 2005 at 20:57

If it's failing to find /sbin/init, did you apply the patches to mkinitrd.dmcrypt-usb listed in Comment #28 and in Comment #40?

[ Parent | Reply to this comment ]

Posted by Anonymous (213.86.xx.xx) on Fri 7 Oct 2005 at 12:06
Hi. Yes I applied the fixes in Comment #28 and #40. So /sbin/init is found and processed. I get as far as the password prompt and get a kernel panic when rootfs tries to mount onto /mnt. I'm installing onto a Sandisk Cruzer Mini 1GB. Others have managed this successfully so I suspect I'm doing something subtly wrong.

[ Parent | Reply to this comment ]

Posted by Anonymous (213.240.xx.xx) on Sat 8 Oct 2005 at 03:12
When I boot from USB:
with the grub title Debian GNU/Linux-2.6.12-1-386 I receive a black screen and nothing happens.
with the grub title Debian GNU/Linux-2.6.12-1-386 (Rescue/Single) I receive the error:

kernel panic not syncing: no init found. Try passing init= option to kernel

Any help please ?
Thank you.

[ Parent | Reply to this comment ]

Posted by Anonymous (213.240.xx.xx) on Sat 8 Oct 2005 at 14:03
Yes, I applied the patches to mkinitrd.dmcrypt-usb listed in Comment #28 and in Comment #40.

Can someone help me what is wrong ?

Thank you.

[ Parent | Reply to this comment ]

Posted by Anonymous (213.240.xx.xx) on Sat 8 Oct 2005 at 21:33
Thanks to all, I resolved the problem!

[ Parent | Reply to this comment ]

Posted by Anonymous (213.202.xx.xx) on Mon 17 Oct 2005 at 17:17
Hi!

It seems that I have the same problem. I applied the patches, but it still doesn't find /sbin/init. How did you solve the problem?

[ Parent | Reply to this comment ]

Posted by Anonymous (80.98.xx.xx) on Thu 10 Nov 2005 at 09:06
Anyone succeeded with EPIA system? I got it to work on different systems, but in a VIA EPIA-M it reboots after loading the initrd image.

[ Parent | Reply to this comment ]

Posted by Anonymous (80.222.xx.xx) on Sun 4 Dec 2005 at 19:25
debian-laptop:~/src# cryptsetup create -y rootfs /dev/sdb2
Enter passphrase:
Verify passphrase:
Command failed: Invalid argument

even after rebuild# apt-src build libdevmapper1.01 dmsetup

debian-laptop:~/src# uname -a
Linux debian-laptop 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux

do I need 2.6 kernel?

thanks Mike.

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Mon 12 Dec 2005 at 22:10
Yes, 2.6.11 or newer.

[ Parent | Reply to this comment ]

Posted by Anonymous (80.249.xx.xx) on Fri 13 Jan 2006 at 14:11
I've tried "apt-get install kernel-image-2.6.11-1-686" numerous times but always get back:

E: Couldn't find package kernel-image-2.6.11-1-686

Can someone provide me with a working entry for my sources.list? Thanks.

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Fri 13 Jan 2006 at 16:03

OK, if you can't find that kernel image, you can use apt-cache to determine what is available in your sources. For example:

user@host { ~ }$ apt-cache search kernel-image
comedi-source - Comedi kernel module source
ieee80211-source - Source for the 802.11 (wireless) network stack for Linux
kernel-image-netbootable - net-bootable kernel for use with diskless systems
kernel-package - A utility for building Linux kernel related Debian packages.
kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
linux-image-2.6.15-1-amd64-generic - Linux kernel 2.6.15 image on all x86-64 machines
linux-image-2.6.15-1-amd64-k8 - Linux kernel 2.6.15 image on AMD64 K8 machines
linux-image-2.6.15-1-amd64-k8-smp - Linux kernel 2.6.15 image on AMD64 K8 SMP machines
linux-image-2.6.15-1-em64t-p4 - Linux kernel 2.6.15 image on Intel em64t P4 machines
linux-image-2.6.15-1-em64t-p4-smp - Linux kernel 2.6.15 image on Intel em64t P4/Xeon SMP machines
rt2400-source - RT2400 wireless network drivers source
rt2500-source - RT2500 wireless network drivers source
acx100-source - ACX100/ACX111 wireless network drivers source
ipw2100-source - source for the ipw2100 driver
kernel-image-2.6.8-10-amd64-k8 - Linux kernel image for version 2.6.8 on AMD64 systems
kernel-image-2.6.8-11-amd64-k8 - Linux kernel image for version 2.6.8 on AMD64 systems
user@host { ~ }$ 

And we can see that in my sources, the current kernel-image version is 2.6.15-1, and that there are 4 versions available.

However, for most systems, you will want -686 or -386.

[ Parent | Reply to this comment ]

Posted by Anonymous (81.178.xx.xx) on Fri 20 Jan 2006 at 17:38
Hi all,

I've run into trouble with this procedure. It seems to revolve around grub, as I cannot boot from my USB-key. I just get a message telling me to insert a system disk (and yes, the BIOS is set to boot from USB-ZIP, and only from USB-ZIP).

When I hit step 19, I did (from inside the chroot jail):
apt-get install grub
grub-install /dev/sda
mkdir /boot/grub
grub

The recommended "root (hd1,0)" and "setup (hd1)" didn't work for me (sorry, I didn't write out the error ... "drive not found" I think). I quit, and finished the rest of the setup.

Later, I remounted the rootfs to /mnt/buildroot and then remounted /dev/sda1 to /mnt/buildroot/boot. I ran grub and, by this time, knew that I could hit TAB to complete the hd info (I normally use LILO ... does it show?). Anyway, I did:
root (hd0,0)
setup (hd0)
quit

That seemed to go OK, but, not knowing grub well, I didn't know how to check except by trying to boot from the key. No. Same problem.

I could use some advice. Thanks. BTW, here is my menu.lst:

# default num
default 0

# timeout sec
timeout 5

# pretty colours
color green/black black/green

title Debian GNU/Linux-2.6.15-1-686
root (hd0,0)
kernel /vmlinuz-2.6.15-1-686 root=/dev/ram0 init=/sbin/init vga=794
initrd /initrd.img-2.6.15-1-686
savedefault
boot

title Debian GNU/Linux-2.6.15-1-686 (Rescue/Single)
root (hd0,0)
kernel /vmlinuz-2.6.15-1-686 root=/dev/ram0 init=/sbin/init single
initrd /initrd.img-2.6.15-1-686
boot

title Memtest86+
root (hd0,0)
kernel /memtest86+.bin
boot


[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Fri 20 Jan 2006 at 17:54
USB-Zip is only one type of bootable USB. Other formats are USB-HD and USB-Floppy. So it could be that your usb key is a format that your mainboard can't boot to.

Additionally, not all USB keys are bootable. It's possible you have a model that can't be used for this.

For more information on both, you need to check the manufacturer specs for your usb key.

[ Parent | Reply to this comment ]

Posted by Anonymous (81.178.xx.xx) on Fri 20 Jan 2006 at 17:45
I love the idea of having a bootable OS on a flash drive, but I didn't want to give up having a drive I could use to move files between Windows machines. So I added a third partition to my device.

Here's my problem ... Windows refuses to recognize that partition. In fact, it tells me that the whole key is unformatted and offers to format it (which I presume would trash the Debian install ... stupid windows).

So I've tried a number of ways of formatting the drive under linux. For example I've done "mkfs.vfat" and "mkfs.vfat -F 32". I've used fdisk to ensure that the partition ID is set to W95 FAT32 (ie 0x0b). Still no luck. Setting the ID to FAT16 (0x06) is no better.

Do any of you know if Windows XP is even capable of passing over two non-MS partitions to read a third? If so, how can I set up my drive to take advantage of this? Thanks!

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Fri 20 Jan 2006 at 18:14
Ok, I don't run WinXP so I couldn't test this myself but I asked a few friends and they report using dual partitioned usb keys with linux and winXP all the time.

Perhaps the only difference is they generally put the fat32 partition first.

You might try that, then modify grub and the loader to the new partitions.

[ Parent | Reply to this comment ]

Posted by lukestuts (148.197.xx.xx) on Fri 3 Feb 2006 at 15:07
I'm experiencing difficulties when booting into my system. Having applied the comment patches after a few false starts, I got through the installation process with no errors except a complaint from mount -a about /etc/network/run linking to a non-existent device. When I successfully booted off the USB media, I got the following errors:

FATAL: Module unknown not found
mount: Mounting /dev/ram0 on /root failed: No such device
Mounting /root/dev on /dev/.static/dev failed: No such file or directory
Mounting /sys on /root/sys failed
Mounting /proc on root/proc failed
Target filesystem doesn't have /sbin/init
/bin/sh: can't access tty; job control turned off

I'm then left in what looks like a single user prompt with no clue what went wrong. A quick look in /dev told me that /dev/ram0 and the tty devices were present although I couldn't say if they were working or not. lsmod wasn't available.

I installed kernel-image-2.6.15-1-686.

Any help would be very much appreciated!

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Fri 3 Feb 2006 at 15:47
OK, this is a guess, and I'll need to do some testing to confirm it but I suspect one of the problems is udev and the fact that debootstrap doesn't install it by default.

Also with 2.6.15+ you need to make sure udev version 0.071 or greater is installed.

Next, using /root/ as the name of a directory other than root's home directory is dangerous and bound to cause problems.

[ Parent | Reply to this comment ]

Posted by Anonymous (86.142.xx.xx) on Fri 3 Feb 2006 at 23:17
Thanks for the reply! I've been working on it for a while now but it's finally defeated me. After making a new initrd and rebooting, I keep getting the error
initrd: attempting to mount rootfs.
device-mapper: ioctl interface mismatch: kernel(4.4.0), user(1.0.0), cmd(0)
Command failed: Invalid argument
Kernel panic: Attempted to kill init!
I've narrowed it down to this line
echo \$pass | /sbin/cryptsetup create rootfs \$part_rootfs
. I've got no idea what the device-mapper error means and the Google results are no help. I've got udev 0.084-1 and libdevmapper1.02 installed. I don't know how to find out which command failed and what the invalid argument was so I'm a bit stuck.

[ Parent | Reply to this comment ]

Posted by Anonymous (70.20.xx.xx) on Sat 4 Feb 2006 at 02:06
I had exactly the same problem. I even tried changing the version numbers both to 4 manually (which got rid of the device-mapper: ioctl interface mismatch error) but it didn't buy me anything else... I never figured it out after a few days of messing around- so now I'm trying to do a non-encrypted debian install on the usb-flash with a very similar setup (but no device-mapper to error out hopefully).

-I have an EPIA system too, and it reboots too :( There is supposedly a bios upgrade that fixes some DMA transfer lock up bugs, it's a long shot but hopefully that will fix the EPIA issue?

[ Parent | Reply to this comment ]

Posted by Anonymous (70.20.xx.xx) on Sat 4 Feb 2006 at 03:37
I got the system to boot a non-encrypted file system... Not as exciting I know, but at least I didn't have to throw away all the work when I couldn't get it to work encrypted with kernel 2.6.15-1... Just modify the mkinitrd script and take out references to dev-mapper, control, rootfs and such... then replace the line where it mounts /dev/mapper/rootfs with /dev/sda2 or whatever your root partition is... you don't have to apt-get all the dmcrypt stuff either, but you do need to apt-get the discover1 stuff... only quirk here, i have to pull my usb stick out after it is first detected, then stick it back in before the 15 seconds of sleep ends for it to actually find the sda1 and sda2 partitions?? odd...

as for the EPIA deal, it turns out I had selected the wrong processor type (Nehemia), it should actually be the CyrixIII (or 586 class) chip - works great, no moving parts 25 watt total power system! :)

But it isn't encrypted... :(

[ Parent | Reply to this comment ]

Posted by lukestuts (148.197.xx.xx) on Tue 7 Feb 2006 at 09:47
Right - I've finally got it working at the expense of most of my weekend. The unfixable problem (for me) was to do with udev - the instructions above do not allow for the fact that the latest version of the Debian unstable kernel requires udev. Fixing this is beyond me but doubtless someone else will step forward (Dave?). Maybe all that needs to be done is to alter the mkinitrd script so that the udev bits and pieces are in the ram disk. How I got it working was to not use sid but to use sarge instead. This meant I was installing the 2.6.8-2-686 kernel which is less than ideal. For the process to succeed using sarge, it is essential to:

1) Read all the comments first to make sure the mkinitrd script you create is correct.

2) Make sure you run mount -t proc none /proc in the chroot before you run mount -a.

3) Make sure that all necessary devices are in place before mkinitrd is run (ie. before you install the kernel in the chroot environment). To fix this, I suspect the most efficient way is to go to /dev in the chroot and run ./MAKEDEV. I found I had difficulties with the serial devices /dev/sd* and the tty terminals /dev/tty[1-6]. I replaced them by leaving the chroot and doing cp -ap /dev/ /mnt/buildroot/dev.

4) Remember that umount -a will not work properly when setting up the system for the first time. To properly unmount and avoid "device is busy" errors, you must proceed in the following order while in the chroot:

cd /
umount /boot/
umount /etc/network/run
umount /tmp
umount /var/lock
umount /var/log
umount /var/run
umount /var/tmp
umount /home/luke/Scratch
umount /proc
exit
cd /
umount /mnt/buildroot/boot
umount /mnt/buildroot
cryptsetup remove rootfs
OK, 4) isn't essential if you sync before you reset but I like it :7). If I get time, I'd like to post a revised version to my LUG's wiki. I've learnt a lot - thanks Dave!

[ Parent | Reply to this comment ]

Posted by Anonymous (81.179.xx.xx) on Tue 21 Feb 2006 at 22:05
Anyone found a solution to the udev problem that will let us use the unstable (2.6.15) kernel yet? I'm still having no luck and would prefer not to go the sarge route.

[ Parent | Reply to this comment ]

Posted by Anonymous (83.95.xx.xx) on Thu 23 Feb 2006 at 18:35
Hi all,

I had exactly the problem

initrd: attempting to mount rootfs.
device-mapper: ioctl interface mismatch: kernel(4.4.0), user(1.0.0)

A more verbose output of cryptsetup showed that the problem seems to be in cryptsetup and libdevmapper. So I gave it a try and copied the cryptsetup binary and the libdevmapper library of the host (with which I had set up the encrypted rootfs) into the bootstrapped rootfs. I executed the mkinitrd.dmcrypt script, rebooted and now it works.

Hope it helps you guys too...

[ Parent | Reply to this comment ]

Posted by wilbo (193.220.xx.xx) on Mon 27 Feb 2006 at 10:01
Hi i installed debian sarge to a hdd then started to follow this guide, i changed the mkinitrd.dmcrypt-usb (step 20) and followed step 66 as well. i compiled the kernel and got these errors when i ran:

mkinitrd -o /boot/initrd.img-2.6.15.2 2.6.15.2

FATAL: Module sd_mod not found. possible scsi-disk in cdrom
FATAL: Module sr_mod not found. possible ide-scsi in cdrom
FATAL: Module ehci_hcd not found.
FATAL: Module usbhid not found.
FATAL: Module usbkbd not found.
FATAL: Module usb_storage not found.
FATAL: Module vesafb not found.
FATAL: Module ext2 not found.
FATAL: Module unix not found.

so continued on ...

i noticed in grub was different so i changed it to the following:

title Debian GNU/Linux-2.6.15.2
root (hd0,0)
kernel /boot/vmlinuz-2.6.15.2 root=/dev/ram0 init=/sbin/init vga=794
initrd /boot/initrd.img-2.6.15.2
savedefault
boot

should i use /boot in front of vmlinuz and initrd? and should i use hdd instead of sda?

the problem was that i finished the guide rebooted from the usb, it said booting grub... then came into the grub console??

Thanks Heaps

William

[ Parent | Reply to this comment ]

Posted by wilbo (193.220.xx.xx) on Mon 27 Feb 2006 at 13:39
Solved the problem for now just used the apt-get install kernelimage-2.6.8-2 command ;) now all works well thanks. Will try again with newer kernel later.

Just a quick one, how can i make it so it puts the password in automatically at startup? This is so the machine can boot automatically and not need a password and the filesystem is still encrypted so no one can copy it.

Many Thanks

William

[ Parent | Reply to this comment ]

Posted by wilbo (193.220.xx.xx) on Mon 27 Feb 2006 at 22:40
Almost got it working using debian sarge with a epia mini-itx motherboard. reboot the system and it loads grub. although the menu doesn't appear:
grub>
so i type in "configfile /grub/menu.1st" and the menu appears and continues to boot :) so now i have a bit of a problem grub isn't finding the menu.1st file? and it doesn't automatically boot - it needs a password?

many thanks, william

[ Parent | Reply to this comment ]

Posted by pichuco (217.189.xx.xx) on Sun 17 Dec 2006 at 13:03
This didn't help me here:

I'm using etch for both systems, the host with which I create the crypted rootfs
and the system on the usb boot device:

# dpkg -l cryptsetup libdevmapper1.02
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii cryptsetup 1.0.4-8 configures encrypted block devices
ii libdevmapper1. 1.02.08-1 The Linux Kernel Device Mapper userspace lib


The only difference is that I'm using a self compiled kernel on the host and
the 2.6.18 one provided by etch.

Peter

[ Parent | Reply to this comment ]

Posted by brendan (24.226.xx.xx) on Wed 8 Mar 2006 at 05:48
I may be wrong, but I think the problem with the 2.6.15 kernel is in the installation, not in the actual script or udev.

----

BRSIbm:~# sudo apt-get install linux-image-2.6.15-1-686-smp
Reading package lists... Done
Building dependency tree... Done
Suggested packages:
linux-doc-2.6.15 linux-source-2.6.15 lilo fdutils
Recommended packages:
libc6-i686
The following NEW packages will be installed:
linux-image-2.6.15-1-686-smp
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 0B/15.7MB of archives.
After unpacking 45.1MB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package linux-image-2.6.15-1-686-smp.
(Reading database ... 16541 files and directories currently installed.)
Unpacking linux-image-2.6.15-1-686-smp (from .../linux-image-2.6.15-1-686-smp_2.6.15-8_i386.deb) ...
Done.
Setting up linux-image-2.6.15-1-686-smp (2.6.15-8) ...
Running depmod.
Finding valid ramdisk creators.
Using mkinitramfs-kpkg to build the ramdisk.

----

It's using mkinitramfs-kpkg instead of Dave's script, and so it's not actually putting any of the necessary modules into the image.

When installing 2.6.8, everything works well:

----

...
Unpacking replacement kernel-image-2.6.8-2-686-smp ...
Setting up kernel-image-2.6.8-2-686-smp (2.6.8-16sarge1) ...
Build directory tree.
Copy binaries from /bin.
Copy binaries from /usr/bin.
Copy binaries from /sbin.
Copy devices over.
cp: cannot stat `/dev/initrd*': No such file or directory
cp: cannot stat `/dev/scd*': No such file or directory
Copy modules over.
FATAL: Module sl811_hcd not found.
Copy /etc files over.
Copy custom init over.
Directory data: 10292 bytes
Everything: 2600 kilobytes
Super block: 76 bytes
CRC: 641b65c2
Not touching initrd symlinks since we are being reinstalled (2.6.8-16sarge1)
Not updating image symbolic links since we are being updated (2.6.8-16sarge1)

----

None of these errors are particularly important, and everything works ok with 2.6.8, but it'd be nice to get 2.6.15 working.

I've been looking into it, but it seems to me that the 2.6.15 kernel package uses a different default ramfs packager, and it's skipping over the custom script.

Thoughts? Cheers,
Brendan

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Fri 10 Mar 2006 at 04:08
You're right, it's time for an update and I am working on it (slowly) in the background.

From some feedback that I've gotten from other sources, some people would like more detailed discussions of why some of the steps are what they are so that they can better adapt the howto to their individual circumstances. So the next howto should be significantly longer and more involved (currently exploring udev and yaird).

I'd also like to do a version for Debian Etch and one for Sid. Maybe the Etch version could be "stable" and usable for a little longer. lol.

Dave.

[ Parent | Reply to this comment ]

Posted by rickbronson (24.21.xx.xx) on Sat 11 Mar 2006 at 23:50
Dave,

I got pretty far in your great instructions but I didn't want encryption
and only wanted one partition on the USB key. Well, I guess I should have
stuck with exactly what you did because while a lot of it worked I had problems
with grub and mkinitrd. I also found that I couldn't do:

mount /dev/sda1 /mnt/buildroot
debootstrap --arch i386 sid /mnt/buildroot

But instead had to do:

debootstrap --arch i386 sid ~/in/buildroot http://debian.osuosl.org/debian
mkdir -p /mnt/buildroot
mount /dev/sda1 /mnt/buildroot
cp -prd ~/in/buildroot/* /mnt/buildroot

When I did the former it would hang (like over 4 hours) and the LED on the USB would flash continuously.

Anyway, I'd encourage you to brush up what you have here and maybe mark
the steps required for encryption for those that don't want it. Maybe add info on using lilo since I did get that working.

Thanks for all the great info!

Rick Bronson

[ Parent | Reply to this comment ]

Posted by Anonymous (24.8.xx.xx) on Sun 12 Mar 2006 at 05:48
Thanks for the input, I'll look into adding lilo, and unencrypted parts.

Dave

[ Parent | Reply to this comment ]

Posted by Anonymous (24.226.xx.xx) on Sun 12 Mar 2006 at 04:48
Any thoughts on TrueCrypt?

Personally I like the standard cryptsetup better to use on the command line, but as I understand there are some advantages to TrueCrypt. It uses the user's passphrase to encrypt the key, which is stored in the first 1024k or so with the file system header. The advantage is that it is possible to change the passphrase on the disk, which is not possible with dm-crypt, afaik.

On the other hand, it has to be compiled for the kernel, so it might be a pain to set up. It still uses dev-mapper, so the majority of the steps would be the same, and it could even be an optional step.

Brendan

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Sun 12 Mar 2006 at 05:55
Well I hadn't thought about TrueCrypt but the password issue has been on my list of problems.

While there is a process for changing a password with cryptsetup it is involved and high risk. To address this, I will most likely use the Linux Unified Key Setup enhanced version of cryptsetup (http://luks.endorphin.org/), which is currently packaged with Debian Sid. It not only allows you to change passwords with relative ease, it has support for multiple passwords so multi-user support will be easier.

At one time there was discussion of TrueCrypt supporting LUKS partitions but I don't know for sure if they ever implemented it. I will add TrueCrypt to my notes of things to look into.

Thanks for the input.

Dave

[ Parent | Reply to this comment ]

Posted by rickbronson (24.21.xx.xx) on Sun 12 Mar 2006 at 16:12
Dave,

Here is what I have for lilo instructions, in case you wanted to use them.

If you'd like a beta tester when you brush up your notes, I'd be happy to help out. Just send them to rick (at) efn ! org

Rick

# To use LILO, do the following (NOTE: kernel name and
# "/dev/sd??" might have to change)

apt-get install lilo

cat > /etc/lilo.conf << EOF
bitmap=/boot/sid.bmp
bmp-colors=1,,0,2,,0
bmp-table=120p,173p,1,15,17
bmp-timer=254p,432p,1,0,0
install=bmp

default=sid

# install=menu
map=/boot/map
vga=normal
delay=20
image=/boot/vmlinuz-2.6.15-1-486
label=sid
root=/dev/sda1
read-only
initrd=/boot/initrd.img-2.6.15-1-486
EOF

lilo -M /dev/sda # install MBR
lilo -b /dev/sda # install lilo

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Sun 12 Mar 2006 at 16:28
Thanks! :)

I'll definitely find a home for your lilo instructions and keep you in mind when it's testing time.

Dave

[ Parent | Reply to this comment ]

Posted by DaveV (128.2.xx.xx) on Thu 6 Apr 2006 at 03:43
If you're still interested in beta testing, I have a new version of my howto.

This one is for a very basic install, no encryption or anything fancy.

You can see it at http://www.feraga.com/click/25/0.

Thanks!

[ Parent | Reply to this comment ]

Posted by Anonymous (24.21.xx.xx) on Tue 11 Apr 2006 at 04:24
Dave,

Yes I do want to! I tried it and have some comments:

If I do this:

mount -t ext2 /dev/sda1 /mnt/buildroot
debootstrap --arch i386 sid /mnt/buildroot

It totally locks up and I have to hit the reset button on the computer. Really. lsof on /mnt/buildroot shows a process that cannot be killed. I can only think that it's a bug in my 2.6.15-rc7-git4 USB driver. Anyway, it's bad enough that I'd like to propose a work around:

mkdir -p /mnt/buildroot /tmp/getroot
debootstrap --arch i386 sid /tmp/getroot http://debian.osuosl.org/debian
mount /dev/sda1 /mnt/buildroot
cp -prd /tmp/getroot/* /mnt/buildroot
chroot /mnt/buildroot/ /bin/su -

This works fine.

The first chunk of lilo.conf is missing. It should read:
-----------------------------------
boot=/dev/sda
root=/dev/sda1
compact

bitmap=/boot/sid.bmp
bmp-colors=1,,0,2,,0
bmp-table=120p,173p,1,15,17
bmp-timer=254p,432p,1,0,0
install=bmp
... etc, etc
-----------------------------------


I don't seem to have a /etc/kernel-img.conf

Then when I get done and try to boot off of the thumb drive, it just goes into busybox and stops. I don't seem to have any real file system. Any ideas here?

Rick

[ Parent | Reply to this comment ]

Posted by Anonymous (71.212.xx.xx) on Fri 14 Apr 2006 at 22:35
Editing the howto for the singular specific case of your suspected buggy driver would be inappropriate. However if you would like to submit a Tip for the Tips&Tricks section that would be acceptable.

The Lilo configuration has been corrected, thank you.

Regarding your issue, if the system is stopping in busybox, the most likely problem is a misconfigured lilo or grub. Check to be sure the root device is set correctly in their configuration files. I have made and corrected mistakes there.

And last but not least, for faster response please submit these comments into the forums on http://feraga.com, I monitor those for updates far more often than I do the comments here.

Thanks,

Dave

[ Parent | Reply to this comment ]

Posted by Anonymous (68.53.xx.xx) on Sat 6 Jan 2007 at 02:22
I had the same problem; a Google search gave this page, and I have been here before. This thread is getting very long ;-)

Anyway I used debian etch (1/5/2007), and kernel 2.6.19.1.

I had the exact same error you had. For some reason I got lucky and got the error that it could not find these modules - blkcipher and cbc - these are in

/lib/modules/2.6.19.1/cbc.ko
/lib/modules/2.6.19.1/blkcipher.ko

After adding these to the modules that needed to be loaded everything worked like a charm.

Thanks for this excellent thread. I have to give it a try with mkinitramfs next. I used a highly modified version of the usb initrd that was on the dm-crypt wiki.

Have fun.

[ Parent | Reply to this comment ]

Posted by Anonymous (87.2.xx.xx) on Tue 21 Mar 2006 at 13:25
Thank you for this resource, great work! I have installed sarge on a 1 GiB VERBATIM USB Key starting from Debian/Sarge (kernel 2.6.8-2-686).

The problem I have found is that "parted" doesn't make a bootable partition at first so I have solved it by using cfdisk before rebooting from the USB Key.

bye

paquin

[ Parent | Reply to this comment ]

Posted by DaveV (128.2.xx.xx) on Thu 6 Apr 2006 at 03:40
Nice catch, the "fixed" parted command should be:
parted /dev/sda "mklabel msdos mkpartfs primary ext2 0 -0 set 1 boot on"

Thanks.

[ Parent | Reply to this comment ]

Posted by Anonymous (82.56.xx.xx) on Wed 12 Apr 2006 at 13:41
2.2GB is better than 1 :-) After "1GB Store'n'Go Verbatim" I had a successful install on a BTC 2.2GB Mobile Storage Drive.

more info from dmesg:
---------------------

scsi1 : SCSI emulation for USB Mass Storage devices
Vendor: Genesys Model: USB to IDE Disk Rev: 0033
Type: Direct-Access ANSI SCSI revision: 02
Attached scsi generic sg1 at scsi1, channel 0, id 0, lun 0, type 0
USB Mass Storage device found at 3
SCSI device sda: 4194303 512-byte hdwr sectors (2147 MB)
sda: assuming Write Enabled
sda: assuming drive cache: write through
/dev/scsi/host1/bus0/target0/lun0: p1 p2
Attached scsi removable disk sda at scsi1, channel 0, id 0, lun 0

bye

paquin

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Thu 6 Apr 2006 at 03:57
First I want to thank Debian-Administration.org for hosting this howto for me.

As I've mentioned before I've been working on a new version of the howto. Although, I guess I should say "versions" because I've had a lot of requests for other media or configuration options.

Additionally I've been testing several other groups that make usb installations and for the most part I've been disappointed with them all.

So with that in mind, I've started a website to host the discussion of how to make and configure a usb based debian install. The long term goal is to create a custom debian distribution like Knoppix that focuses on removable media installs.

You can find it at: http://feraga.com

There will be lots of changes over the next few weeks so bear with us as we grow.

Thanks again to Steve Kemp, Debian-Administration.org, and everyone who has read & supported this howto. I look forward to seeing some (or all) of you over on http://feraga.com.

Dave Vehrs

[ Parent | Reply to this comment ]

Posted by dirwiz (71.246.xx.xx) on Sun 7 May 2006 at 14:16
Dave,
Great article. I am looking for a way to install Debian on a usb drive without encryption. I've seen tons of posts but have not located a definitive article with some basic steps.

Can you give a KISS article on how to set one of these things up?

Here are some simple goals:
Basic load of Debian on USB drive.
Something simple like one partition (/) and maybe a swap drive but a swap drive may wear out flash drives.
Tips on how to keep writing to the drive at a minimum (for flash drives). ie. log files, swap files etc.

Many thanks
Eric

[ Parent | Reply to this comment ]

Posted by Anonymous (71.212.xx.xx) on Sun 7 May 2006 at 14:59
At http://feraga.com we have howtos for both encrypted and unencrypted installs on USB. I'm currently looking into adding a cryptoloop example so there may soon be three howtos.

Additionally, we're trying to explore the other issues involved with installing on removable media as we can. Check it out, I think you'll find what you're looking for.

Dave

[ Parent | Reply to this comment ]

Posted by dirwiz (71.246.xx.xx) on Sun 7 May 2006 at 15:09
Very informative, but WAY too many steps. I've been able to run the std Debian install CD to load the files onto the flash drive. Grub seems to work. However after the boot I get the 'ol pivot table error etc...

I'm looking for the easy instructions. For example what do I do to the USB drive after the installer has finished.

[ Parent | Reply to this comment ]

Posted by Anonymous (87.69.xx.xx) on Sat 3 Jun 2006 at 10:11
I followed the instructions, and up to the grub stuff everything went well.
When I'm trying to execute: "grub-install /dev/sdb" it doesn't find any /dev/sd? drives. I also tried to do it outside the jail, but then I got the message: "/dev/sdb does not have any corresponding BIOS drive."

Any ideas?

thanks,
Rotem.

[ Parent | Reply to this comment ]

Posted by Anonymous (62.180.xx.xx) on Tue 13 Jun 2006 at 13:03
I had the same problem. The solution is so simple that I did not care to note it down... Sorry. It has something to do with grub itself. You might want to copy the devices over and have a look into the grub directory. If you delete one file there it'll work.

Yeah: Which one... sorry, I cannot remember.

[ Parent | Reply to this comment ]

Posted by Anonymous (81.208.xx.xx) on Tue 20 Jun 2006 at 15:14
Maybe you mean the file "device.map"?

[ Parent | Reply to this comment ]

Posted by jaalkab (148.243.xx.xx) on Wed 16 Aug 2006 at 18:44
Dear DaveV,

I saw another of your articles at http://feraga.com/node/25 (it is the same but without the encrypted install description, for 512MB and 1 GB flash memories). The problem is the server is not online now. I would really appreciate a copy of that article; can you send it to me at jaalkab(at)gmail.com

Thank you in advance, best regards

J

In search of a dream
they carved the stone
In search of a dream
God came to the earth

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Wed 16 Aug 2006 at 20:03
I just checked the server and it's responding from here and I've paid up the contract on it for the next year. So except for normal outages that's where it will be.

I'm working on a tool to automate the installation, and the unencrypted version should be out soon.

Dave

[ Parent | Reply to this comment ]

Posted by jaalkab (148.243.xx.xx) on Wed 16 Aug 2006 at 20:54
Yes, the server is on-line now, thank you for the quick answer, great job

best regards
J

--
In search of a dream
they carved the stone
In search of a dream
God came to the earth

[ Parent | Reply to this comment ]

Posted by Anonymous (212.55.xx.xx) on Sat 2 Sep 2006 at 16:42
It nearly worked.

I had an initrd.img which could find /sbin/init two weeks ago. Sadly, this one lacked /dev/sd* so it couldn't find the partitions ever.

I tried to fix this a little later, and it couldn't find /sbin/init anymore. I then realized that Debian had switched from initrd to initramfs.

Now the kernel most probably can't work with initrd-images, and mkinitramfs of course produces ramdisks with no idea what to do with the encrypted partitions.

[ Parent | Reply to this comment ]

Posted by Anonymous (85.68.xx.xx) on Tue 17 Oct 2006 at 14:51
Step 10 simply fails with /bin/su does not exist! I tried the default one, and others, but chroot refuses to work :( Bad.

If someone can say something about this!

[ Parent | Reply to this comment ]

Posted by tvtalkshowshigh (131.227.xx.xx) on Sat 25 Nov 2006 at 01:49
Simply log into a terminal as root in the first place and then you'll be able to chroot to wherever you like. I had problems with /bin/su as well.

Does anyone know where I can find a version of this without the encryption? I just want to run Debian on a usb flash drive but if I use the installer I get GRUB error 18. I've tried working my way through this HOWTO but get confused by all the encryption stuff, which I don't need anyway.

Thanks in advance.

[ Parent | Reply to this comment ]

Posted by phoenixfawkes (69.51.xx.xx) on Sat 9 Dec 2006 at 17:32
I have used the Etch net installer to create a bootable USB key. I would have to run this again to be certain - but it seems I just specified the whole usb drive as one partition. I did a minimal install and then added X.

It will not boot if you choose LVM or Encryption. I have not tried to solve that.

Greg

[ Parent | Reply to this comment ]

Posted by phoenixfawkes (69.51.xx.xx) on Sat 9 Dec 2006 at 17:45
I see that several of you have encountered the IOCTL mismatch. I have this to the point of booting from the ramdisk - but I don't see how to solve this. Frankly there is not much advice about this - except for bug reports. I built this using SID (I couldn't get Etch to bootstrap the day I started) 2.6.18-3-686.

It seems a shame to get so far and not get this to boot. I suppose I can archive the build with dd and try again.

I have reinstalled libdevmapper (v 1.02) and cryptsetup - as well as the kernel. I am so good at rebuilding the initrd file that I could do it in my sleep. I found some reference to a kernel patch - but that proved fruitless. I have tried to recreate the device control file both by hand and with dmsetup mknodes.

Any other advice?

Greg

[ Parent | Reply to this comment ]

Posted by DaveV (24.8.xx.xx) on Sat 9 Dec 2006 at 17:56
Well you may want to test the newer method I've come up with. It replaces yaird and the hand built initrd files. However it's not fully documented yet (unless you read python) but it is working in the automated install tool.

Check it out at: http://feraga.com/project/deb2flash

[ Parent | Reply to this comment ]

Posted by Ropechoborra (200.127.xx.xx) on Sun 14 Jan 2007 at 02:09
Hi, I'm trying to do this with kubuntu edgy. I get these errors:

When doing mount -a:

mount: special device BEL=PRIVDEB_BOOT does not exist
mount: mount point /etc/network/run does not exist

(I've already done "e2label /dev/sdd1 PRIVDEB_BOOT" as a Reply suggests, I've also modified those HTML bugs in mkinitrd.dmcrypt-usb and added what is written in http://www.debian-administration.org/articles/179#comment_40 )

I'm a little lost, I also can't do 'grub-install /dev/sda' (while being in chroot), it returns:

/dev/sda does not have any corresponding BIOS drive.

My fstab is the same as the Howto with "tmpfs /home/(USER)/Scratch tmpfs defaults,noatime 0 0" modified.

Don't know what else to do.

Find me at: ropechoborra (at) gmail (dot) com

[ Parent | Reply to this comment ]

Posted by Ropechoborra (200.127.xx.xx) on Sun 14 Jan 2007 at 02:12
Oops, mistake:
"I've already done "e2label /dev/sda1 PRIVDEB_BOOT"" - sda instead of sdd ;)

[ Parent | Reply to this comment ]

Posted by ram (202.63.xx.xx) on Mon 15 Jan 2007 at 16:47
Hi


http://gate-bunker.p6.msu.ru/~berk/router.html#DR4

As per the above document, the make goes smoothly with some errors.

When I do make install I get the following error.

Can someone help me with what I am doing wrong?

make install
/dev/sdb3 labelled as FLASH_BOOT
/dev/sdb1 labelled as FLASH_ROOT
Copying files to flash... cp: cannot stat `/root/work/sarge-router-0.4.2/debootstrap/target/*': No such file or directory
make: *** [install] Error 1

ram

[ Parent | Reply to this comment ]

Posted by Jiashun (169.230.xx.xx) on Thu 15 Feb 2007 at 16:15
I have the same problem, except that I work on Ubuntu edgy, kernel 2.6.17. The version of libdevmapper and dmsetup is 1.02 and cryptsetup's is 1.03. I tried many ways to correct the ioctl error, including copying the host's corresponding file to the usbdisk, and reinstalling it with apt-src. None of them works.

Finally I decided to test what will happen if I downgrade them to the version used in this tutorial. The version used in this tutorial is 1.01. So I had to change the apt source.list to point to Ubuntu breezy and reinstall libdevmapper, cryptsetup and dmsetup. Then I rebooted, and it works. A magic thing happened and I had my ubuntu on usb.

Excellent tutorial and some of the comments are very helpful!

[ Parent | Reply to this comment ]

Posted by Anonymous (134.130.xx.xx) on Wed 4 Apr 2007 at 17:10
This article is complete nonsense, took me 10 min to get it done, without all that stuff, take vmware workstation, a debian daily amd64 iso and a 4g corsair usb stick, just mounted the iso with vmware and the usb stick 2 with advanced direct disk, booted into the debian installer, killed the standard partitions to get rid of some strange drive lock from xp vmware, rebooted, installed the debian etch with luks/lvm and everything ... worked like a charm ..

[ Parent | Reply to this comment ]

Posted by DaveV (63.227.xx.xx) on Wed 4 Apr 2007 at 18:45
That's nice that the new Etch installer worked for you in April of 2007. In 2005 when this article was written it didn't.

So remember to keep a little perspective.

[ Parent | Reply to this comment ]

Posted by Anonymous (67.174.xx.xx) on Sun 27 May 2007 at 23:01
This is the first article written step-by-step and COMPLETE. GREAT JOB!!! I've been looking for this but found bits and pieces.

Any chance you'll re-write it STEP-BY-STEP on how to do this with Etch?...

The comment above (#108 - Anonymous) ("just do this and that and the other and everything is peachy") doesn't help a noob :(

How is this done the "easy" way in Etch? Thanks

[ Parent | Reply to this comment ]

Posted by DaveV (75.166.xx.xx) on Mon 28 May 2007 at 23:04
I've already written several step-by-step howtos and an automated installer for Etch and Sid. You can find them at http://feraga.com.

Note: This was also pointed out in comments #83 and #101. I'd edit the article to have a link to the updated howtos at top but the article is so old that editing is not allowed. :)

[ Parent | Reply to this comment ]

Posted by Anonymous (67.174.xx.xx) on Wed 30 May 2007 at 00:07
Thank you so much... I'm there at the "other side" and the tutorial worked flawlessly. you DA MAN.

[ Parent | Reply to this comment ]

Posted by Anonymous (200.138.xx.xx) on Mon 8 Oct 2007 at 15:09
The GRUB problem: I was getting:

hanuman:~# grub-install /dev/sdb
/dev/sdb does not have any corresponding BIOS drive.


I have put the "--recheck" flag, then it worked


hanuman:~# grub-install --recheck /dev/sdb
Probing devices to guess BIOS drives. This may take a long time.
Searching for GRUB installation directory ... found: /boot/grub
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

(fd0) /dev/fd0
(hd0) /dev/sda
(hd1) /dev/sdb
hanuman:~#

[ Parent | Reply to this comment ]

Posted by Anonymous (216.66.xx.xx) on Fri 11 Jan 2008 at 00:37
I was getting the following when attempting to do step 14 of this guide:

Can not write log, openpty() failed (/dev/pts not mounted?)
Segmentation fault (core dumped)

After some research, I realized that an additional mount is required, outside of the chroot:

mount -tdevpts /dev/pts /mnt/buildroot/dev/pts

That fixed me right up.

[ Parent | Reply to this comment ]

Posted by Anonymous (85.180.xx.xx) on Fri 18 Jan 2008 at 22:15
thanks, I was having the same problems :)

[ Parent | Reply to this comment ]

Posted by xuejm1225 (58.38.xx.xx) on Sat 1 Mar 2008 at 17:16
Very good work!

Just wondering if anyone plans to make this article an executable script. Manual operation brings lots of issues.

Cheers,

[ Parent | Reply to this comment ]

Posted by DaveV (75.166.xx.xx) on Sat 1 Mar 2008 at 22:07
It's been done.

Check out: http://feraga.com/project/deb2flash

[ Parent | Reply to this comment ]

Posted by Anonymous (148.188.xx.xx) on Tue 25 Mar 2008 at 13:35
Hi DaveV,

I can't reach your page.
Is the server down?

Can I find your how-to anywhere else?

greez, M

[ Parent | Reply to this comment ]

Posted by DaveV (71.218.xx.xx) on Wed 26 Mar 2008 at 00:28
M,

I had a small hosting issue that's been resolved now and it will just take the hosting company a little while to get it all turned back on.

Try again tomorrow, should be fixed by then.

Thanks for the continued interest!

Dave V.

[ Parent | Reply to this comment ]

Posted by Anonymous (66.176.xx.xx) on Wed 14 May 2008 at 15:48
Hello, is the Server available or have you changed the location of your site? Would really appreciate a response since you have some very valuable info here.

Thank you in advance.

Currently (14 May 08) get this trying anything @ feraga.com:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@feraga.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

[ Parent | Reply to this comment ]

Posted by DaveV (216.241.xx.xx) on Wed 14 May 2008 at 19:32
OK, my apologies to all for the delays getting the content back online.

Here's what happened.

A small hosting problem resulted in my content being moved to a new server (updated Mysql, PHP, etc) which caused errors on the site. I tried repeatedly to preserve the site as is or do an automated upgrade to the next version of Drupal (to 5.x from 4.7).

Nothing worked. At this stage I am working to hand move the content up to a Drupal 6.2 and it's going alright. So far I've managed to port the users across and I hope to move the content & comments over soon. Once that's done I will be bringing the site back online.

I guess I should have put up a maintenance page to let you all know this...sorry about that.

As for the long delay, well I work for a small company and am very busy. So it's been a back-burner item for when I have time. It would probably happen faster with some help but so far I can't seem to attract anyone interested in posting content.....just questions. (hint hint for when it's back :) ).

Also I've learned my lesson on using all kinds of weird modules that modify my links, etc. on the site. If I hadn't used a bunch of content filters then the recovery would have been much faster.

If you're just looking for the Deb2Flash installer then it can still be found at http://svn.feraga.com

Thank you for your patience.

[ Parent | Reply to this comment ]

Posted by DaveV (71.218.xx.xx) on Sun 25 May 2008 at 00:18
Ok, http://feraga.com is back up.....sorta.

I've upgraded the site to Drupal 6.2 and imported most of the old content.

There's still work to do but we're back.

Enjoy!

[ Parent | Reply to this comment ]

Posted by Anonymous (81.214.xx.xx) on Thu 15 May 2008 at 09:31
cryptsetup command fails :
Enter passphrase:
Verify passphrase:
Command failed: Key processing error: Unknown hash type ripemd160

Workaround for this

cryptsetup -y create ... -h sha1

ie. add "-h sha1" to cryptsetup command.

(it might also be possible to add ripemd160 hash algorithm to the system)

Thanks to Gorkem's comment in Pardus forum:
http://ftp.uludag.org.tr/bugzilla/2007-February/020648.html

[ Parent | Reply to this comment ]
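
Added example, not part of the original thread and not cryptsetup's own code: a shell sketch of how plain-mode "cryptsetup create" (no LUKS header) turns the passphrase into the volume key, which bears on both the "-h sha1" workaround above and the earlier passphrase-change discussion. The helper names, the 32-byte key size and the sample passphrase are assumptions for illustration; the "A"-prefix extension for keys longer than one digest is modelled on cryptsetup's hashalot-compatible behaviour and is likewise an assumption here.

```shell
#!/bin/sh
# Plain-mode dm-crypt (cryptsetup create, no LUKS): volume key = hash(passphrase).
# Helper names are hypothetical; the sample passphrase below is constructed.

# digest_hex NAME: hash stdin with NAME, print lowercase hex; return 1 if unavailable.
digest_hex() {
    case $1 in
        sha1|sha256|sha512)
            command -v "${1}sum" >/dev/null 2>&1 || return 1
            "${1}sum" | cut -d' ' -f1
            ;;
        ripemd160)
            # Not in coreutils; many OpenSSL 3 builds ship it only in the legacy
            # provider, which reproduces the "Unknown hash type" situation.
            command -v openssl >/dev/null 2>&1 || return 1
            out=$(openssl dgst -ripemd160 -r 2>/dev/null) || return 1
            [ -n "$out" ] || return 1
            printf '%s\n' "${out%% *}"
            ;;
        *)
            return 1
            ;;
    esac
}

# plain_key HASH KEYBYTES PASSPHRASE: print the derived key as hex.
# Round 0 hashes the passphrase; if the digest is shorter than the key,
# round n hashes n "A" characters followed by the passphrase (assumed scheme).
plain_key() {
    pk_hash=$1
    pk_want=$(($2 * 2))          # hex digits needed
    pk_pass=$3
    pk_key=
    pk_prefix=
    while [ "${#pk_key}" -lt "$pk_want" ]; do
        pk_d=$(printf '%s%s' "$pk_prefix" "$pk_pass" | digest_hex "$pk_hash") || pk_d=
        if [ -z "$pk_d" ]; then
            echo "Key processing error: Unknown hash type $pk_hash" >&2
            return 1
        fi
        pk_key=$pk_key$pk_d
        pk_prefix=${pk_prefix}A
    done
    printf '%s\n' "$pk_key" | cut -c1-"$pk_want"
}

# Demo: one passphrase, several hashes, unrelated 256-bit keys.
for h in ripemd160 sha1 sha256; do
    if k=$(plain_key "$h" 32 'constructed sample passphrase'); then
        printf '%-10s %s\n' "$h" "$k"
    else
        printf '%-10s unavailable on this system\n' "$h"
    fi
done
```

Because the key is just a hash of the passphrase and plain mode stores no header to check it against, "-h sha1" is only safe when creating a new volume and must then be passed on every later open (including in the initrd script); a volume created with ripemd160 will map without error under "-h sha1" but decrypt to garbage. This is also why a plain-mode passphrase cannot be changed without re-encrypting, which LUKS avoids by wrapping a master key.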
