[unstable] Manjaro-architect beta testing

netinstall
manjaro-architect

#504

I like this idea, assuming there is always a one to one mapping between grub and installed encrypted system partitions.

It is currently possible to install multiple encrypted systems on the same machine, but is it possible to access them via the same grub? The os-prober script explicitly blocks adding of additional luks partitions, this script is called in both update-grub and grub-mkconfig, but is there another way? What script is called to create the first grub menu item with all the correct crypto setup? Can this entry be copy and pasted in grub.cfg, substituting the correct UUIDs and devices?

Maybe the best way to install multiple encrypted systems on a single machine is to give them their own $esp and select which $esp to boot in BIOS.


#505

The keyfile is loaded by initcpio, so it is specific to the system. So if you add manually entries to other encrypted systems, the keyfile only effects them if they load one in their own initcpio.[quote=“sueridgepipe, post:504, topic:16010”]
Maybe the best way to install multiple encrypted systems on a single machine is to give them their own $esp and select which $esp to boot in BIOS
[/quote]

Possibly. In that case I would install refind to switch between systems though.


#506

Partition filtering in mount menu is now online in git. In my tests it works


#507

In regard on getting this to production I’d recommend to disable all features not working properly to get a more simplified installer. Then test those features first if you guys want to release the installer to the public. Else continue with the given tasks and test the installer later thru all given features.

It is better to stabilize the basic features first and then tackle UEFI installs and encryptions. The later is always hard to accomplish …


#508

Maybe. Uefi has support has been working flawlessly from the beginning though, no problems with that.

I would say that the following features can now be considered stable:

  • partitioning/mounting
  • base installation
  • bootloader installation
  • manjaro-desktop installation
  • base configuration (passwords, user creation, etc)

I’m not sure about error logging, but since @oberon closed the issue in github and I have not encountered new problems with it, that might be stable too.

I’d say that if we put the completion check in the end, and do some testing with openrc profiles, the basic features can be considered stable.


#509

Thing is, since we started with fairly fully featured and integrated installer, disabling features can be more work than fixing the issues. Of course, simpler installer can be desirable for other reasons.


#510

Logging/error-handling I think is pretty satisfying now. The check_for_error() function is quite versatile and we can easily collect more information if needed by inserting it in more places. We are covering pretty much everything already, anyway :wink:
Also we’ve now added an option to copy the log to target install when you exit the installer

Content of the log currently looks typically like this:

02/27/17 06:01:57 [[ manjaro-architect-dev 0.7.4.r177.gecab6b5-1 ]]
02/27/17 06:01:57 system: BIOS, init: systemd nw-client: nmtui 
02/27/17 06:02:03 set LANG=en_US.UTF-8 
02/27/17 06:02:50 loadkeys de 
02/27/17 06:03:08 parted -s /dev/sda rm 2 
02/27/17 06:03:08 parted -s /dev/sda rm 1 
02/27/17 06:03:08 /dev/sda mklabel msdos 
02/27/17 06:03:09 set boot flag for /dev/sda 
02/27/17 06:03:09 parted -s /dev/sda mkpart primary ext3 513MiB 100% 
02/27/17 06:03:17 --------- [lsblk] ------------
02/27/17 06:03:17 /dev/sda1 512M
02/27/17 06:03:17 /dev/sda2 7.5G
02/27/17 06:03:26 mount /dev/sda2 as mkfs.ext4 -q. 
02/27/17 06:03:26 create mountpoint 
02/27/17 06:03:29 mount -o  /dev/sda2 /mnt
02/27/17 06:03:39 mount /dev/sda1 as mkfs.vfat -F32. 
02/27/17 06:03:42 create mountpoint 
02/27/17 06:03:42 mount -o  /dev/sda1 /mnt/boot
02/27/17 06:04:04 edit pacman-mirrors.conf
02/27/17 06:04:27 rank_mirrors branch unstable
02/27/17 06:04:27 rank mirrors
02/27/17 06:04:39 refresh pacman-keys
02/27/17 06:04:57 init openrc
02/27/17 06:05:04 selected: linux41
02/27/17 06:05:06 modules: KERNEL-acpi_call KERNEL-ndiswrapper
02/27/17 06:05:07 packages to install: acpi b43-fwcutter bash btrfs-progs bzip2 coreutils crda dhclient diffutils dmraid dnsmasq dosfstools e2fsprogs ecryptfs-utils exfat-utils f2fs-tools file filesystem findutils gawk gcc-libs gettext glibc grep gzip inetutils intel-ucode iproute2 iptables iputils ipw2100-fw ipw2200-fw jfsutils less licenses linux-firmware logrotate lsb-release man-db manjaro-firmware manjaro-release manjaro-system man-pages memtest86+ mhwd mhwd-db mkinitcpio-openswap nano nilfs-utils ntfs-3g acpid-openrc cpupower-openrc cronie-openrc cryptsetup-openrc dbus-openrc device-mapper-openrc dhcpcd-openrc eudev-systemd haveged-openrc libeudev-systemd lvm2-openrc mdadm-openrc netifrc nfs-utils-openrc rsync-openrc wpa_supplicant-openrc os-prober pacman pciutils pcmciautils perl procps-ng psmisc reiserfsprogs sed shadow s-nail sudo sysfsutils tar texinfo usbutils util-linux which xfsprogs zd1211-firmware linux41 linux41-acpi_call  linux41-ndiswrapper
02/27/17 06:23:36 install basepkgs ==> Creating install root at /mnt
02/27/17 06:23:36 copy vconsole.conf
02/27/17 06:23:36 set target branch unstable 
02/27/17 06:23:36 base installed succesfully.
02/27/17 06:26:25 bios_bootloader ==> Creating install root at /mnt
02/27/17 06:27:20 grub-mkconfig Generating grub configuration file ...
02/27/17 06:27:56 setup_graphics_card video-virtualbox 
02/27/17 06:28:30 selected: [Manjaro-xfce]
02/27/17 06:28:33 selected 'minimal' profile
02/27/17 06:28:35 packages to install: acpi b43-fwcutter bash btrfs-progs bzip2 coreutils crda dhclient diffutils dmraid dnsmasq dosfstools e2fsprogs ecryptfs-utils efibootmgr exfat-utils f2fs-tools file filesystem findutils gawk gcc-libs gettext glibc grep grub gzip inetutils intel-ucode iproute2 iptables iputils ipw2100-fw ipw2200-fw jfsutils less licenses linux-firmware logrotate lsb-release man-db manjaro-firmware manjaro-release manjaro-system man-pages memtest86+ mhwd mhwd-db mkinitcpio-openswap nano ntfs-3g acpid-openrc cpupower-openrc cronie-openrc cryptsetup-openrc dbus-openrc device-mapper-openrc dhcpcd-openrc eudev-systemd haveged-openrc libeudev-systemd lvm2-openrc mdadm-openrc netifrc nfs-utils-openrc rsync-openrc wpa_supplicant-openrc os-prober pacman pciutils pcmciautils perl procps-ng psmisc reiserfsprogs sed shadow s-nail sudo sysfsutils tar texinfo usbutils util-linux which xfsprogs zd1211-firmware avahi-openrc networkmanager-openrc networkmanager-consolekit networkmanager-openconnect networkmanager-openvpn networkmanager-pptp networkmanager-vpnc networkmanager-dispatcher-ntpd nss-mdns ntp-openrc mobile-broadband-provider-info modemmanager openssh-openrc samba alsa-firmware alsa-utils-openrc ffmpeg gst-libav gst-plugins-bad gst-plugins-base gst-plugins-good gst-plugins-ugly libdvdcss android-tools android-udev gvfs gvfs-afc gvfs-gphoto2 gvfs-mtp gvfs-nfs gvfs-smb mtpfs udiskie udisks2 autoconf automake binutils bison fakeroot flex gcc libtool m4 make patch pkg-config yaourt cantarell-fonts pamac lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings accountsservice exo garcon gtk-xfce-engine thunar thunar-volman tumbler xfce4-appfinder xfce4-panel xfce4-power-manager xfce4-session xfce4-settings xfce4-terminal xfconf xfdesktop xfwm4 xfwm4-themes blueman ffmpegthumbnailer freetype2 gconf gksu gnome-keyring libgsf libopenraw light-locker network-manager-applet menulibre orage poppler-glib thunar-archive-plugin thunar-media-tags-plugin xfce4-battery-plugin xfce4-clipman-plugin xfce4-notifyd xfce4-screenshooter xfce4-taskmanager xfce4-whiskermenu-plugin xfce4-xkb-plugin gnome-icon-theme gnome-themes-standard gtk-theme-breath xcursor-simpleandsoft xcursor-vanilla-dmz-aa dmidecode engrampa engrampa-thunar-plugin gparted gufw htop qpdfview inxi manjaro-hello manjaro-settings-manager manjaro-settings-manager-notifier midori mousepad mugshot parole powertop sylpheed p7zip unace unrar manjaro-documentation manjaro-xfce-minimal-settings manjaro-browser-settings xf86-input-elographics xf86-input-evdev xf86-input-keyboard xf86-input-libinput xf86-input-mouse xf86-input-void numlockx mesa-demos xorg-server xorg-server-utils xorg-twm xorg-utils xorg-xinit xorg-xkill perl-file-mimeinfo xdg-user-dirs xdg-utils xdg-su consolekit-openrc displaymanager-openrc pm-utils cgmanager-openrc manjaro-hotfixes 
02/27/17 06:52:46 install pkgs: xfce ==> Creating install root at /mnt
02/27/17 06:52:46 copy overlay 
02/27/17 06:52:46 copy root config 
02/27/17 06:52:50 add xdm default: lightdm 
02/27/17 06:53:26 generate_fstab 
02/27/17 06:53:30 set_hostname 
02/27/17 06:53:50 set_locale 
02/27/17 06:54:31 set_root_password New password: Retype new password: passwd: password updated successfully
02/27/17 06:54:46 add user to groups 
02/27/17 06:54:46 create user pwd New password: Retype new password: passwd: password updated successfully
02/27/17 06:55:03 run_mkinitcpio 
02/27/17 06:55:22 exit installer.

My test installs also with openrc (xfce and i3) completed with no issues.

I’d say as soon as we’ve added our check_vitals() function at the end, the architect should be ready to move on to testing branch for more testing. Maybe @philm you want to do a test run yourself first?


#511

Just did a number of installs, Manjaro desktop, bare bones DE, encrypted partition, LVM across partitions and disks, and all worked well. I encounted the NetworkManager not enabled once for a bare bones install, I forgot this step in the install, but it was installed just not enabled, easy manual fix.

Would love to know how to setup grub to boot multiple encrypted partition systems. This is not a manjaro-architect issue, just interested.

Looks good. Only partitions I see that need modification in the partition list is the LVs, which are duplicated for each partition, thus can be selected and mounted more than once currently.

Nearly ready to let it move out of home, not sure it has had been tested in enough environments to be considered production ready, but it looks pretty stable. Big test will be how it handles a wide variety of bare metal system hardware, particularly very recent hardware.

Be interesting to see how people use it, and if they request any mods or enhancements.

Really needs the tick of approval first from the official edition(s) and community edition(s) maintainers, to ensure their baby is being installed completely and is fully functional.

Congrats @Chrysostomus and @oberon, a job very well done indeed.


#512

For this more complicated partitioning setup

How should the mount partition list be displayed?

There are two encrypted partitions in a single logical volume, and three other partitions in a second logical volume.

$ lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda               8:0    0 232.9G  0 disk  
├─sda1            8:1    0   300M  0 part  /boot/efi
├─sda2            8:2    0  29.3G  0 part  /
├─sda3            8:3    0   3.9G  0 part  
├─sda4            8:4    0  29.3G  0 part  
├─sda5            8:5    0  29.3G  0 part  
├─sda6            8:6    0  29.3G  0 part  
├─sda7            8:7    0  29.3G  0 part  
├─sda8            8:8    0  29.3G  0 part  
├─sda9            8:9    0  27.4G  0 part  
└─sda10           8:10   0  25.6G  0 part  
sdb               8:16   0    25G  0 disk  
├─sdb1            8:17   0  15.2G  0 part  
│ └─cryptroot   254:0    0  15.2G  0 crypt 
│   └─mvg1-mlv1 254:2    0  20.5G  0 lvm   
└─sdb2            8:18   0   9.8G  0 part  
  └─mvg2-mlv2   254:3    0  29.5G  0 lvm   
sdc               8:32   0    15G  0 disk  
├─sdc1            8:33   0   5.2G  0 part  
│ └─cryptroot2  254:1    0   5.2G  0 crypt 
│   └─mvg1-mlv1 254:2    0  20.5G  0 lvm   
├─sdc2            8:34   0   4.9G  0 part  
│ └─mvg2-mlv2   254:3    0  29.5G  0 lvm   
└─sdc3            8:35   0   4.9G  0 part  
  └─mvg2-mlv2   254:3    0  29.5G  0 lvm   
sdd               8:48   0    10G  0 disk  
└─sdd1            8:49   0    10G  0 part  
  └─mvg2-mlv2   254:3    0  29.5G  0 lvm   

I assume mounting cryptroot as the install root partition would fail with errors as it is a part of a logical volume?

Something to do now, or for version 2?

EDIT : One last thing, should this dialog only contain luks partitions?

And this dialog only contain non luks partitions, and lvm partitions?


#513

yes, bare-metals are the real test for Users.

and a special congrats to @sueridgepipe <- Super-Tester of the Month Award. :wink:

Question:
Is, or will the manjaro-architect/setup script be auto-updateable to newest version, upon execution. ?

again, thx to ALL thus far.


#514

Same issues will arise, video drivers and wireless network adapters, although mhwd -l is used to list the available graphic drivers for the user to choose from, and mhwd -i pci [selection] is used to install it. In most cases this should work, assuming the user makes the right choice.

Real world installs will also require a network connection, don’t think the m-a live ISO will provide wireless OOTB.


#515

bare-metal does matter, and anyway, that’s what nmtui, …, is for.
but again, back to my original question: [once network is up]:

@Chrysostomus @oberon

thx.


#516

How about “I think so”, or “I’m pretty sure”?

Remember @oberon saying he built this into manajro-architect launcher, so running setup on the ISO should download the most current version.


#517

“I think so” couldn’t find it on searching.
I re-directed question to oberaon and Chsysos
I was searching for it, couldn’t find it, but glad now if that’s the case -good news.


#518

#519

ah k,
So it was in one of the other threads.
TY.


#520

Okay, tonights list then:.

  • hide lvm partition entries from selection

  • implement exit check that warns if you missed something important

  • show grub-mkconfig output

  • offer only Luks volumes for Luks opening [quote=“scjet, post:513, topic:16010”]
    Is, or will the manjaro-architect/setup script be auto-updateable to newest version, upon execution. ?
    [/quote]

    sudo setup 
    

Does exactly this


#521

And non-luks /non lvm partitions for luks creation?


#522

Ths ISO does provide wireless OOTB. If you don’t have a wired connection it gives the option to choose a wired or wireless connection. WHen I first started attempting the bare metal install it was with wireless and I had no issues with connectivity. mhwd also detected the right wireless card for the laptop I was using an old Dell Latitude d6320


#523

Just tested installing on an LV containing multiple encrypted partitions, install succeeded but bootloader install failed.

...
sdb               8:16   0    25G  0 disk  
├─sdb1            8:17   0  15.2G  0 part  
│ └─cryptroot   254:0    0  15.2G  0 crypt 
│   └─mvg1-mlv1 254:2    0  20.5G  0 lvm   
...
sdc               8:32   0    15G  0 disk  
├─sdc1            8:33   0   5.2G  0 part  
│ └─cryptroot2  254:1    0   5.2G  0 crypt 
│   └─mvg1-mlv1 254:2    0  20.5G  0 lvm   
...

Tried the same fix as above, with the slight change being I had to chroot into the LV after de-crypting both luks partitions.

sudo cryptsetup open --type luks /dev/sdb1 cryptroot
sudo cryptsetup open --type luks /dev/sdc1 cryptroot2
sudo mount /dev/mapper/mvg1-mlv1 /manjaro
sudo manjaro-chroot /manjaro

In /etc/default/grub

GRUB_CMDLINE_LINUX=" cryptdevice=UUID=9eca67a2-2410-4430-9f12-636abc6286b1:cryptroot"
GRUB_ENABLE_CRYPTODISK=y

The crypt device is the UUID of /dev/mapper/cryptroot.

sudo blkid | grep crypto
/dev/sdb1: UUID="9eca67a2-2410-4430-9f12-636abc6286b1" TYPE="crypto_LUKS" PARTUUID="53eb94f9-b145-49b5-bb3b-ed31c9577a5a"
/dev/sdc1: UUID="fab0aefe-e21f-413a-a47a-e2931b098694" TYPE="crypto_LUKS" PARTUUID="c874fb0e-9fbe-45ff-8e80-5bca24e32726"

Using the UUID of the first encrypted partition, is this right?

sudo grub-mkconfig -o /boot/grub/grub.cfg
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=manjaro_grub --boot-directory=/boot --recheck
Installing for x86_64-efi platform.
File descriptor 4 (/dev/sda1) leaked on vgs invocation. Parent PID 9719: 
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
File descriptor 4 (/dev/sda1) leaked on vgs invocation. Parent PID 9719: 
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Installation finished. No error reported.

New grub prompts to open both encrypted partitions in the LV correctly.

Grub menu is correct.


diskfilter writes error on boot of LV system

Prompts to open first encrypted drive, /dev/sdb1

Crash and burn.

In /etc/default/grub should I be using the UUID of the LV mapper partition instead of the UUID of the first luks partition? Can’t hurt to try it.

sudo blkid | grep mvg   
/dev/mapper/mvg1-mlv1: UUID="ebf65181-16e3-43df-83f7-aeba321f4517" TYPE="ext4"

Or is this luks and lvm config not supported?