Performs one of the following tasks:

(i) Installs a Debian operating system on an empty hard disk in such a way that the root, swap, and individually structured data partitions are placed under the control of LVM, with the LVM physical volume living on an encrypted disk partition.

(ii) Installs a Debian operating system on a hard disk as under (i), but without touching the data areas as they were created under (i).

(iii) Performs some maintenance to keep the root file systems consistent if there are two of them. Creates a backup of a virgin Debian operating system as described under (i) or (ii), that is, a backup of an operating system that has never been executed.

Tested with a 64-bit SONY VAIO VGN-BZ11EN notebook equipped with 6 GB of RAM and a 2 TB SATA SSD.

Create a boot medium from an image file such as firmware-9.6.0-amd64-i386-netinst.iso.
Connect the machine to the Internet by means of an Ethernet interface.
Boot from the prepared installation medium.

Advanced options
  Expert install
Choose language
  Language: English - English
  Country, territory or area: other
  Continent or region: Europe
  Country, territory or area: Germany
  Country to base default locale settings on: United States - en_US.UTF-8
  Additional locales: de_DE.UTF-8 de_DE de_DE@euro en_US en_US.ISO-8859-15 es_ES.UTF-8 es_ES es_ES@euro
  System locale: en_US.UTF-8
Configure the keyboard
  Keymap to use: German
Detect and mount CD-ROM
Load installer components from CD
  Installer components to load: none
Detect network hardware
Configure the network
  Waiting time (in seconds) for link detection: 3
  ...
  Waiting time (in seconds) for link detection: 3
  Primary network interface: ...
  # A suitable DHCP server is expected in the network.
  Auto-configure networking:
  Waiting time (in seconds) for link detection: 3
  Hostname: ...
  Domain name: ...
Set up users and passwords
  Enable shadow passwords: Yes
  Allow login as root: Yes
  Root password:
  Re-enter password to verify:
  Create a normal user account now: No
Configure the clock
  Set the clock using NTP: Yes
  NTP server to use: 0.debian.pool.ntp.org
  Select your time zone: Europe/Berlin
Detect disks
--
cd /cdrom/pool/main
udpkg -i l/lvm2/lvm2-udeb_2.02.168-2_amd64.udeb
udpkg -i c/cryptsetup/libcryptsetup4-udeb_1.7.3-4_amd64.udeb
udpkg -i p/popt/libpopt0-udeb_1.16-10+b2_amd64.udeb
udpkg -i l/lvm2/dmsetup-udeb_1.02.137-2_amd64.udeb
udpkg -i c/cryptsetup/cryptsetup-udeb_1.7.3-4_amd64.udeb
uname -a
# Watch for subtle differences between the kernel module packages, if any.
udpkg -i l/linux/crypto-dm-modules-4.9.0-8-amd64-di_4.9.130-2_amd64.udeb
cd /
depmod
modprobe dm_crypt
df
cat /proc/swaps
fdisk -l
#-------------------------------------------------------------------------------
#-- For (ii) and (iii) goto label OpenTheEncryptedContainer --------------------
#-------------------------------------------------------------------------------
# Disk setup from scratch.
fdisk /dev/sda
  p
  delete all partitions on /dev/sda
  p
  w
dd bs=1M count=3000 if=/dev/zero of=/dev/sda
fdisk /dev/sda
  p
  m
  g
  n 1 2048 1050623 (512M)
  n 2 1050624 2099199 (512M)
  n 3 2099200
  t 1 4 (BIOS Boot)
  p
  w
fdisk -l
# Fill the future LUKS partition with random data; this may take hours.
dd bs=1M if=/dev/urandom of=/dev/sda3
# A 512-bit key with cryptsetup's default aes-xts-plain64 cipher means AES-256,
# because XTS splits the key into two halves.
cryptsetup --key-size 512 luksFormat /dev/sda3
  Are you sure? (Type uppercase yes): YES
  Enter passphrase:
  Verify passphrase:
#-------------------------------------------------------------------------------
#-- LABEL: OpenTheEncryptedContainer -------------------------------------------
#-------------------------------------------------------------------------------
cryptsetup open /dev/sda3 pvc0
  Enter passphrase for /dev/sda3:
cryptsetup status pvc0
pvdisplay
#-------------------------------------------------------------------------------
#-- For (ii) and (iii) goto label ActivateVolumeGroupVg0 -----------------------
#-------------------------------------------------------------------------------
pvcreate /dev/mapper/pvc0
vgcreate vg0 /dev/mapper/pvc0
pvdisplay
lvcreate -L 12G vg0 -n swap
lvcreate -L 50G vg0 -n root
lvcreate -L 50G vg0 -n altroot
lvcreate -L 10G vg0 -n mail
lvcreate -L 12G vg0 -n u1
lvcreate -L 2G vg0 -n u2
lvcreate -L 50G vg0 -n u3
lvcreate -L 400G vg0 -n crw
lvcreate -L 1200G vg0 -n cro
lvdisplay
#
# Just as a reminder, this would be the sequence to destroy all of the above.
# lvremove -f vg0/cro
# ...
# lvremove -f vg0/swap
# vgremove -f vg0
# pvremove -y /dev/mapper/pvc0
# cryptsetup close pvc0
# End of reminder.
#
ls -al /dev/mapper
dd bs=1M count=512 if=/dev/zero of=/dev/sda1
mkfs.ext2 /dev/sda2
mkswap /dev/vg0/swap
mkfs.ext4 /dev/vg0/root
mkfs.ext4 /dev/vg0/altroot
mkfs.ext4 /dev/vg0/mail
mkfs.ext4 /dev/vg0/u1
mkfs.ext4 /dev/vg0/u2
mkfs.ext4 /dev/vg0/u3
mkfs.ext4 /dev/vg0/crw
mkfs.ext4 /dev/vg0/cro
swapon /dev/mapper/vg0-swap
cat /proc/swaps
swapoff /dev/mapper/vg0-swap
cat /proc/swaps
#-------------------------------------------------------------------------------
#-- LABEL: ActivateVolumeGroupVg0 ----------------------------------------------
#-------------------------------------------------------------------------------
ls -al /dev/mapper
vgchange -ay vg0
ls -al /dev/mapper
#-------------------------------------------------------------------------------
#-- For (i) and (ii) goto label BeforeMenuPointPartitionDisks ------------------
#-------------------------------------------------------------------------------
#
# Take the machine ID from vg0-altroot
# if vg0-altroot is a prior installed root file system.
#
df
mount -t ext4 /dev/mapper/vg0-root /mnt
mkdir /mnt2
mount -t ext4 /dev/mapper/vg0-altroot /mnt2
ls -al /mnt2/etc/machine-id
cat /mnt/etc/machine-id
cat /mnt2/etc/machine-id
cp /mnt2/etc/machine-id /mnt/etc/machine-id
umount /mnt2
rmdir /mnt2
umount /mnt
#
# We changed the kernel RAM disk.
# Maintain some sha1sum file in vg0-altroot
# if vg0-altroot is a prior installed root file system.
#
df
mount -t ext2 /dev/sda2 /mnt
mkdir /mnt2
mount -t ext4 /dev/mapper/vg0-altroot /mnt2
cd /mnt
sha1sum initrd.img-4.9.0-8-amd64 | sed 's,ini,/boot/ini,' > /tmp/sha1sum
cat /tmp/sha1sum
cat /mnt2/var/lib/initramfs-tools/4.9.0-8-amd64
cp /tmp/sha1sum /mnt2/var/lib/initramfs-tools/4.9.0-8-amd64
rm /tmp/sha1sum
cd /
umount /mnt2
rmdir /mnt2
umount /mnt
#
# Perform a nice backup.
#
df
mount -t ext4 /dev/mapper/vg0-root /mnt
mount -t ext2 /dev/sda2 /mnt/boot
mount --bind /cdrom /mnt/media/cdrom
cd /mnt
mkdir /crw
mount -t ext4 /dev/mapper/vg0-crw /crw
ls -al /crw
tar cpf /crw/RootDebian-960-amd64-i386-00.tar .
mv /crw/RootDebian-960-amd64-i386-00.tar /mnt
umount /crw
rmdir /crw
cd /
umount /mnt/media/cdrom
umount /mnt/boot
umount /mnt
# Reboot.
--
#-------------------------------------------------------------------------------
#-- LABEL: BeforeMenuPointPartitionDisks ---------------------------------------
#-------------------------------------------------------------------------------
# We are going to install a new operating system.
# Think of cleaning the following partitions beforehand.
dd bs=1M count=512 if=/dev/zero of=/dev/sda1
mkfs.ext2 /dev/sda2
mkfs.ext4 /dev/vg0/root
--
Partition disks
  Manual
  Goto LVM VG vg0, LV root #1 and
  # Uncommon behavior: hitting Enter toggles the setting in some cases.
  Partition settings:
    Use as: do not use
    How to use this partition: Ext4 journaling file system
  Partition settings:
    Mount point: none
    Mount point for this partition: / - the root file system
  Partition settings:
    Done setting up the partition
  Goto SCSI1 (...) (sda) #2 and
  Partition settings:
    Use as: do not use
    How to use this partition: Ext2 file system
  Partition settings:
    Mount point: none
    Mount point for this partition: /boot - static files of the boot loader
  Partition settings:
    Done setting up the partition
  Finish partitioning and write changes to disk
  Write the changes to disk: Yes
Install the base system
  Kernel to install: linux-image-4.9.0-8-amd64
  Drivers to include in the initrd: generic: include all available drivers
Configure the package manager
  Use a network mirror: No
  Services to use:
Select and install software
  Participate in the package usage survey: No
  Choose software to install:
Install the GRUB boot loader on a hard disk
  Install the GRUB boot loader to the master boot record: Yes
  Device for boot loader installation: /dev/sda
  Force GRUB installation to the EFI removable media path: No
--
cd /target/etc
# /dev/sda3 is a kernel device name; it must still name the LUKS partition
# at boot time for the mapping pvc0 to be set up.
echo pvc0 /dev/sda3 none luks > crypttab
nano crypttab -x
cat crypttab
echo /dev/mapper/vg0-swap none swap sw 0 0 > fstab
echo /dev/mapper/vg0-root / ext4 errors=remount-ro 0 1 >> fstab
echo /dev/sda2 /boot ext2 defaults 0 2 >> fstab
nano fstab -x
cat fstab
cd /target/etc/initramfs-tools
# Due to the passphrase for the hard disk, early
# USB keyboard support is of vital importance.
echo usbcore >> modules
echo uhci_hcd >> modules
echo ehci_hcd >> modules
echo ehci_pci >> modules
echo usbhid >> modules
echo hid_generic >> modules
# Pay attention, update-initramfs will automatically
# be executed by "Finish the installation" below.
nano modules -x
cat modules
cd /
--
Finish the installation
  Is the system clock set to UTC: Yes
  Remove the installation medium: continue
Perform (iii)
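
The maintenance commands of task (iii), written as two shell functions that validate their input and write only when the target differs. This is an added example, not part of the original procedure: the function names sync_machine_id and sync_initrd_sum and the validation steps are assumptions, while the paths and the state-file format follow the commands shown under (iii).

```shell
#!/bin/sh
# Added example (not from the original page): task (iii) as two functions.
# Function names and the validation are assumptions; the paths and the
# state-file format follow the page. Arguments are mount points.

# sync_machine_id ALTROOT ROOT
# Copies ALTROOT/etc/machine-id to ROOT/etc/machine-id, but only if it is
# a well-formed ID (32 lowercase hex digits). Prints "unchanged"/"updated".
sync_machine_id() {
    src="$1/etc/machine-id" dst="$2/etc/machine-id"
    id=$(cat "$src" 2>/dev/null) || { echo "missing $src" >&2; return 1; }
    case $id in
        ''|*[!0-9a-f]*) echo "bad machine-id in $src" >&2; return 1 ;;
    esac
    [ "${#id}" -eq 32 ] || { echo "bad machine-id in $src" >&2; return 1; }
    if [ -f "$dst" ] && [ "$(cat "$dst")" = "$id" ]; then
        echo unchanged
    else
        printf '%s\n' "$id" > "$dst" && echo updated
    fi
}

# sync_initrd_sum BOOT ALTROOT KVER
# Records the SHA-1 of BOOT/initrd.img-KVER in
# ALTROOT/var/lib/initramfs-tools/KVER under the path /boot/initrd.img-KVER,
# the same line the page builds with sha1sum and sed.
sync_initrd_sum() {
    initrd="$1/initrd.img-$3"
    state="$2/var/lib/initramfs-tools/$3"
    [ -f "$initrd" ] || { echo "missing $initrd" >&2; return 1; }
    [ -d "${state%/*}" ] || { echo "missing ${state%/*}" >&2; return 1; }
    sum=$(sha1sum "$initrd") || return 1
    want="${sum%% *}  /boot/initrd.img-$3"
    if [ -f "$state" ] && [ "$(cat "$state")" = "$want" ]; then
        echo unchanged
    else
        printf '%s\n' "$want" > "$state" && echo updated
    fi
}

# With the page's mounts in place:
#   sync_machine_id /mnt2 /mnt                 # vg0-altroot -> vg0-root
#   sync_initrd_sum /mnt /mnt2 4.9.0-8-amd64   # /dev/sda2 mounted on /mnt
```

Both functions refuse to write when the source file is missing or malformed, so a failed mount shows up as an error rather than as an empty machine-id or state file.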