On 2020-12-24 10:06, rhkra...@gmail.com wrote:
On Tuesday, December 22, 2020 07:20:39 PM David Christensen wrote:
Thank you for offering to improve Debian documentation. :-)
You're welcome, but I wasn't making a general offer to improve documentation,
just to fix something that I thought was misleading.
One fix is still an improvement. :-)
... I
need to set up a few encrypted partitions for backup of some encrypted data
(currently backed up in only one place, on the same computer). So I have an
interest in (better) learning how to set up LUKS partitions (without regard to
LVM).
I have several such "encrypted backup media" drives. The following are
from my notes when I prepared one:
1. Wipe drive:
# dd if=/dev/zero of=/dev/disk/by-id/ata-ST3000DM001-***redacted*** bs=4M
2. Create GPT partition scheme:
# parted /dev/disk/by-id/ata-ST3000DM001-***redacted*** mklabel gpt
3. Create one partition using almost all of the available space:
# parted /dev/disk/by-id/ata-ST3000DM001-***redacted*** mkpart primary 0% 100%
4. Create a LUKS container:
# cryptsetup luksFormat /dev/disk/by-id/ata-ST3000DM001-***redacted***-part1
WARNING!
========
This will overwrite data on /dev/disk/by-id/ata-ST3000DM001-***redacted***-part1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
5. Open the LUKS container:
# cryptsetup luksOpen /dev/disk/by-id/ata-ST3000DM001-***redacted***-part1 i3000a_crypt
Enter passphrase for /dev/disk/by-id/ata-ST3000DM001-***redacted***-part1:
6. Create an ext4 filesystem:
# mkfs.ext4 /dev/mapper/i3000a_crypt
mke2fs 1.42.5 (29-Jul-2012)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
183148544 inodes, 732565760 blocks
36628288 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
22357 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848, 512000000, 550731776, 644972544
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
7. Create a mount point:
# mkdir /mnt/i3000a
8. Mount the filesystem:
# mount /dev/mapper/i3000a_crypt /mnt/i3000a
But, I've also been curious about LVM (without much intention of using
it) -- when I started skimming the LVM wiki page and found the stuff on LUKS I
decided that would be worth reading in view of my first interest (LUKS).
Further / farther aside: The secondary interest in LVM was sparked by some
clues in the ongoing thread(s) on debian-user that pointed to (or led me to)
some gotchas that, if I were to start using LVM I'd want to be very aware of
(for instance, that adding a partition to an LVM wipes out any data on that
partition).
I have used MD and LUKS on Linux in the past. Now I prefer OpenZFS (on
FreeBSD). But, that is a long story. Learn LUKS and backups on Linux
first.
As I was reading parts of that wiki page again (again in the LUKS section) I
started to realize that (to me) the more important thing (rather than creating
backup passwords) is creating a backup of the LUKS header. I guess that is
what you are suggesting.
Yes.
So, while "Backup passwords" -> "Step" ->
2.1 and "Restore password" -> 1.1 may describe useful system
administration procedures, these subsections have conceptual and
technical issues.
... I don't know
what they are -- I might be interested in learning what they are, but not sure
I'm interested in rewriting the document to reflect them more correctly.
Yeah, I guess I can see that perhaps some of the discussion of LUKS on this
page could / should be moved to a page specifically on LUKS, or as you mention
below, to a wiki page on BackupAndRecovery. Again, I'm probably not ready to
do that (although to a certain extent I do enjoy writing and spend too much
time doing (or trying to do) it).
Do your homework, ask good questions, read the answers, and implement
solutions that work for you. Accept that you will make mistakes, so be
prepared with good backups. Eventually, you'll learn what you need to know.
If and when you feel comfortable contributing to the Debian Wiki, etc.,
then please do so.
David
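
The thread settles on backing up the LUKS header as the more important safeguard. The script below is an added example, not part of either poster's notes: it checks that the partition from step 4 really carries a LUKS header before calling cryptsetup luksHeaderBackup, then verifies the saved file. It assumes the default on-device header; the function names and the output path in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# luks_version FILE: print 1 or 2 if FILE starts with a LUKS header, else "none".
# Both LUKS1 and LUKS2 begin with the magic "LUKS" 0xBA 0xBE followed by a
# big-endian 16-bit version number.
luks_version() {
    hex=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    case "$hex" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) echo none ;;
    esac
}

# luks_header_backup DEV OUTFILE: save the header of DEV to OUTFILE.
# Prints the LUKS version on success; returns non-zero without writing
# anything if DEV is not a LUKS container or OUTFILE already exists.
luks_header_backup() {
    dev=$1
    out=$2
    ver=$(luks_version "$dev")
    if [ "$ver" = none ]; then
        echo "$dev: no LUKS header found" >&2
        return 1
    fi
    if [ -e "$out" ]; then
        echo "$out: exists, refusing to overwrite" >&2
        return 2
    fi
    # umask 077 keeps the backup unreadable to other users.
    ( umask 077; cryptsetup luksHeaderBackup "$dev" --header-backup-file "$out" ) || return 3
    # The saved file must start with the same header that is on the device.
    if [ "$(luks_version "$out")" != "$ver" ]; then
        echo "$out: backup does not look like a LUKS header" >&2
        return 4
    fi
    echo "$ver"
}

# Usage (as root): sh luks-header-backup.sh /dev/disk/by-id/...-part1 /root/i3000a.luksheader
if [ "$#" -eq 2 ]; then
    luks_header_backup "$1" "$2"
fi
```

Keep the backup file somewhere other than the drive it describes. A header backup continues to unlock the volume with any passphrase that was valid when it was taken, even after that keyslot is removed from the disk.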