LUKS, Calamares, and EOS

Have zero creativity at the moment for a decent title, apologies in advance.

Need some clarifications before replacing Manjaro on my main PC.

Current setup is as follows:

  • LVM on LUKS with separated /, /boot/efi, and /home.

Since we’re dealing with Calamares, a (slightly) different approach is needed.

  1. Mount encrypted LUKS install on live session.
  2. Partition manually within Calamares.
  3. Format / and /boot (mounted at /boot/efi), and leave /home untouched.
  4. Select “Encrypt” option, then finish install.
    • Leaving unchecked doesn’t make a difference (Second test run).

On my first and second test runs in a VM I was unsuccessful. What results is an unencrypted install with a botched /home.

Third test involves mirroring a barebones clone of my Manjaro configuration into an .iso, populate a VM, and attempt install whilst keeping /home and LUKS. Let’s hope it works!

EDIT:

Test #3 FAILED.

What works (until it doesn’t):

  • Mounting LUKS + LVM (semi-manually) works out of the box.
    • Thunar may “error” after entering LUKS passphrase, ignore it.
  • Calamares’ manual partitioning permits proper management of existing partitions.
    • Format boot partition, mounting at /boot/efi.
    • Modifying LVM’s within my test VG.
      • Select VG from the drop-down volume menu.

After Calamares is done formating the boot partition the installation fails:

VirtualBox_ff_19_08_2019_04_04_52

1 Like

Here is quite a long tutorial. Did not try myself, but it sounds quite complete.

1 Like

Manjaro-Architect nullifies about half the steps. Creating the proper environment using M-A (for the lazy) takes a brief moment.

Actually, it should be possible to do the above then copy the “temporary filesystem” over to the root LVM, boot back into M-A and finish it quite easily using readily available tools.

Hold my beer. :crazy_face:

2 Likes

Did my own Manjaro installation that way, as can be read here (have to admit that I got a little carried away by my success…)

M-A is a great tool.

I’m trying to duck-tape an Endeavour OS install using Manjaro Architect.

Essentially oversimplifying @2000’s tutorial, because why not? :upside_down_face:

If you succeed please let us know how you did it.

1 Like

I have been in the same boat, coming from Manjaro, looking at EOS as a potential replacement. After a few unsuccessful attempts with Calamares (I want btrfs +luks) ,I ended up with native Arch following this https://austinmorlan.com/posts/arch_linux_install/ approach.
While it was fun to go through my first Arch install, I was wondering if, for future installs, there’s a way to do the disk layout with the tool of choice, manual in my case, and then run

pacstrap /mnt base base-devel…

from a EOS USB stick instead of Arch?
Obviously one would miss out on everything Calamares does during the installation but maybe some of the configuration changes, branding, etc. would still be there?

Actually Manjaro-Architect nullifies all the steps. Everything my howto describes can be done in M-A. It’s just a very good installer and totally underrated.
Too bad it only installs Manjaro :wink: so

I would also really be interested in hearing what you experienced. This project would surely benefit from an installer with more (working) options.


Manjaro-Architect is basically just a bunch of bash scripts forked from the Architect Linux installer by Carl Duff.
I had a quick look at some of the scripts; it shouldn’t be too difficult to adapt them for a different distribution. Just a ton of work, so as long as I can set up my preferred encryption scheme manually (LVMonLuks with seperate /home and hibernation file) in about 15 minutes I certainly won’t be doing this.

But there’s a reason Manjaro offers Manjaro-Architect alongside Calamares. I hope I’m wrong and it certainly is still early on and I should give it more time, but I don’t believe the upcoming calamares net-installer will (ever) cover the needs of some hard-to-please (like me). So the EndeavourOS team may eventually have to provide some other installer in the future also.

(Please understand the following isn’t meant as general critic; I’m really happy with this young project at this stage but I believe some things need to be addressed in the future).
On the one hand EndeavourOS wants to provide an easy GUI install,
because users are expecting the GUI approach as Bryan put it, even to an arch newbie, but then doesn’t provide any means to search and install software per GUI. So once installed they then want a new arch user to get used to doing stuff in the terminal. Somehow doesn’t feel right.

Is a TUI-installer (that actually gets things done) really that scary and off putting to new users?
I get it that the devs wanted to get this project started with a working iso and that calamares was an easy way to set this up in a time frame they set themselves but I don’t understand the main focus on calamares in the foreseeable future. Unless they are doing some really heavy modifications upstream. In every discussion I have followed (this forum, Telegram) that point out potential alternatives, it (the/a dev) always comes back to calamares or the upcoming calamares net-installer. But this will probably only let you choose something else than XFCE and still not let you install/combine BTRFS, LVM, LUKS etc.

But, early days; I’ll give it time. Really like this project so far!

4 Likes

We completely understand your point of view, we just released our second release and we’re going a certain path, at this moment we’re working on the netinstaller. This might not seem a big deal to you, but it’s a big promise we made to this community in the Antergos forum. A very large part of that community followed us and gave us their trust, before we even had a distro or a forum and website.
We’re doing everything one step at a time.

5 Likes

I do like the idea of having a non-gui installer as an option onto the same ISO with Calamares. As they are mostly script-based they do not take much space.

But in respect to the early days and the big amount of work we have done already and we will have in the next time, this will be a future project, and most of all will need someone starting with it at development side. Can be you also, as EndeavourOS is a community Project :wink:

3 Likes

EndeavourOS is basicly the Archiso only with XFCE4 and some tools on top.
You can install Archlinux from it. But as calamares offline install is using an image of the ISO itself unpacking to create the installed system it is of cause doing it different, then installing with pacstrap.
As we do not have much configurations out of the theming for XFCE - grub - lightdm it will be easy to install this stuf to get EOS branding…

3 Likes

I have been working on exactly that. In my case I start the latest EndeavourOS install ISO. Then from the Live ISO, I run two different scripts that I retrieve with wget from a terminal window. At this point, the first script installs UEFI only, on a specific partitioning scheme. Then the 1st script copies the second script to the /mnt filesystem then does acrh-chroot. Then you run the second script to finish the configuration om the chroot environment. This is like doing a arch base install the arch way, but easier.

It ends up being a 1.6 GB install with 150 packages.

I have incorporated the EndeavourOS mirrorlist and repositories. But, so far I haven’t figured out how to rebrand the Grub menu.

At this point the script works nicely, but I need a few days to clean up the code. My code probably won’t be up to Joe’s capabilities, but it works.

This could work as a stop gap solution until the base install is available right from the EndeavourOS Live ISO.

Success!

Used M-A to partition, encrypt, and create a VG with multiple LVM’s. An option allows for easy modification of existing configuration files (e.g. crypttab, fstab, mkinitcpio, etc). Streamlining every step, with the notable exception of the install itself. Running mkinitcpio, creating fstab, unlocking LUKS; almost every step automated, and categorized. Basically, M-A can be used with any* Arch-based distribution.

EDIT: @2000 @csteinforth

VirtualBox_ff_19_08_2019_21_37_45

3 Likes

It would really be helpful if you could describe the actual steps you performed here :+1:

1 Like

As i will try to create a tutorial to get EndeavourOS installed with basic and secure encryption (to have a solution to install it on mobile devices) i would like to hear what you think.

As it is only possible to encrypt one partition with calamares there are not that many easy solutions.

create encrypted / + unencrypted swap and encrypt swap after booting into system
like here: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#UUID_and_LABEL

1 Like

Will make an alternative to @2000’s guide, featuring screenshots, Manjaro-Architect, and significantly fewer commands. Hopefully by thursday the latest.

Didn’t want to disappoint with a rushed comment, sorry about that. :woozy_face:

3 Likes

EndeavourOS - Duck-Taped

should be the title for your tutorial !

4 Likes

How about not creating a swap partition but rather go swapfile instead? Maybe a bit more complicated for the script but that would bypass the one encrypted partition only limitation?
I am not an expert by any stretch of imagination, but a swapfile seems to be a significantly better option in any case rather than “hardcoding” the disk structure with partitions?

As far as your question is concerned, what is important to me is the ability to select the file system. But with the exception of Manjaro, all Calamares versions I have dealt with so far, did not allow to change the filesystem after encryption was selected. It’s either unencrypted with my choice of FS (btrfs) or encrypted with ext4, never both.

1 Like

Architect installer can handle this stuff as i can see inside the code… would be nice to have some members get involved into architect code to get it working for EOS.

We will join in and be there for help or any questions, but priority for now is to get netinstaller-calamares ready.

5 Likes