Recent comments on posts in the blog:
Thank's for the excellent guide. I rented a dedicated server from Kimsufi and tried to setup my machine to boot from the encrypted harddrive.
The unlock via dropbear does work but unfortunately the server does not respond on the network interface afterwards. I assume that there is an error in the network config but I was not able to find it until now. This is the logfile of the boot process (i replaced my real ip with 192.168.0.1): May 16 21:08:24 xxxx kernel: Kernel command line: BOOT_IMAGE=/vmlinuz-4.9.0-6-amd64 root=/dev/mapper/vg0-root ro net.ifnames=0 ip=192.168.0.1::220.127.116.11:255.255.255.0::eth0:none May 16 21:08:24 xxxx kernel: e1000e 0000:01:00.0 eth0: (PCI Express:2.5GT/s:Width x1) 00:21:4f:b3:21:74 May 16 21:08:24 xxxx kernel: e1000e 0000:01:00.0 eth0: Intel(R) PRO/1000 Network Connection May 16 21:08:24 xxxx kernel: e1000e 0000:01:00.0 eth0: MAC: 3, PHY: 8, PBA No: FFFFFF-0FF May 16 21:08:24 xxxx kernel: IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready May 16 21:08:24 xxxx kernel: e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None May 16 21:08:24 xxxx kernel: e1000e 0000:01:00.0 eth0: 10/100 speed: disabling TSO May 16 21:08:24 xxxx kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready May 16 21:08:24 xxxx kernel: e1000e: eth0 NIC Link is Down
This is my network config: root@rescue:/# cat /etc/network/interfaces
interfaces(5) file used by ifup(8) and ifdown(8)
Include files from /etc/network/interfaces.d:
auto lo iface lo inet loopback
auto eth0 iface eth0 inet static address 192.168.0.1/24 gateway 18.104.22.168 pre-up /sbin/ip addr flush dev eth0 || true
Any ideas what to look at? Thank's in advance.
tincho, yes, the mount command is there, but this one:
chroot /target mount -a
did not mount the boot partition and there were no errors either so I had no idea that it was not mounted
By the way, thanks for the guide!
Then you missed one step. The mount command is in the guide!
After reading the comments and the tip from kuschelmaus I've made needed changes to /etc/defaults/grub file. And it didn't work, I tried every possible solution out there. But the problem was that I had to manually mount boot partition
mount /dev/sda1 /target/boot
Otherwise, update-grub2 didn't have any effect and I was getting stuck with error message that eth0 unknown device. I had to simulate installation on my local VirtualBox machine because there is no console access available at Kimsufi.
Just in case you encounter the same problem when setting up Debian 9.
After setting up everything based on this guide, which I used since wheezy, thanks for that by the way :), I noticed that my server wasn't coming back online after rebooting.
Problem: eth0 doesn't exist anymore... so no network if I setup a non-existing nic.
Solution: Either disable the new naming schema in GRUB_CMDLINE_LINUX="net.ifnames=0" or check your predictable device name by running udev and look for eth0 (since the rescue system is still a debian 8 based OS). I just dumped it to a file then searched for eth0 with vi. To dump everything just run: udevadm info -e > /tmp/udev.log then look for the predictable name in this order: ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH ID_NET_NAME_MAC
In my case it is an onboard device and the name it got is enp1s0. After adding that to GRUB_CMD_LINE and in /etc/network/interfaces I could finally get into my dropbear and unlock the system. Took me two days to figure that out. Maybe it safes someone a lot of time...
Using microg/nogapps for around 4-5 years now and also very happy!
Signature spoofing allows microg to replace google play service by giving microg the same signature. Google implemented a forced dependency model in Android which gives app suppliers the power to create a dependency on a company instead of a library. This makes conditional sale possible and easy. If I am correct, the signature spoofing patch only allows microg+blankstore and not other apps to replace google play service. Personnally I think it would even be better if you had the freedom to redefine all dependencies yourself and get rid of the possibility of conditional sale entirely. It is up to the user to decide what company to use and not the supplier. There is no extra danger from malicious actors with the patch unless you download an app with a microg signature and give that app the signature spoofing permission. I think this risk is equal or less to the risk of downloading an app which has a Google signature. Cyanogen's argument is solely based on the idea that google play services should not be replaced by another app, even if it is disabled by default and the user has to explicitly enable it a couple of times. End of cyanogen argument. Since then I am avoiding cyanogenmod when possible. Very happy with Omnirom right now.
apt-get install fdroidserver gplaycli