Calamares 3.1 encryption

[kdemeoz]

Sigh. Had just made my way through 17.03 Calamares' setup, keeping my 2TB HDD untouched, but replacing my existing MBR partition table on my 250 GB SSD with GPT, & creating these new partitions in place of my current structure:
/sda1 = 205 MB fat32 EFI, mount /boot/efi, flag esp
/sda2 = 40 GB ext4 root, unencrypted
/sda3 = ~167 GB luks /home, encrypted (i picked ext4, but once i ticked Encrypted box, Calamares changed it to luks]
24 GB unformatted spare, right at end.

Only moments after i told it to proceed with installation, it failed, with error:

Installation Failed
The installer failed to create file system on partition /dev/sda3.
Command: cryptsetup -s 512 --batch-mode --force-password luksFormat /dev/sda3

So i intuit the answer is "Calamares can encrypt, except that it can't". Fabulous, just fabulous...

[kdemeoz]

Several repeat attempts to install, with encrypted /home, all failed with same error. Each time i tried tweaking some settings here & there, & also one time in the Live session prior to the install attempt, i launched KDE Partition Manager & vaporised my original eCryptFS-/DATA partition in case LUKS was getting sulky over that [completely illogical possibility, but then the whole failure scenario was silly anyway]. Of course it did not help.

The only way i finally completed the n'th installation iteration was, exasperatingly, to abandon the /home encryption & make it standard ext4. Is Calamares sponsored by NSA, perchance?  ;-)

I'll now post-install create the encryption with eCryptFS, but this is annoying as, contrary to the nice way Ubiquity used to do it, this way does not now encrypt /home itself, but creates an encrypted .private area [partition? directory? volume?] within it... effective, but less elegant [eg, all data paths now become a little longer].

EDIT:   I've struck out that text as i discovered i was incorrect. In fact the post-install eCryptFS procedure works well & creates a "normal" encrypted /home structure.

On a positive note, kudos to the Maui Devs for the handy boot-menu 3rd option to jump into BIOS... cute.

[kdemeoz]

For the info of anyone wishing to have an encrypted /home partition in Maui 17.03, but who finds that Calamares fails in the attempt... this is how i post-install resolved it.

Source: https://wiki.archlinux.org/index.php/ECr..._directory

1. The source says:

"Encrypting a home directory
The wrapper script ecryptfs-migrate-home will set up an encrypted home directory for a user and take care of migrating any existing files they have in their not yet encrypted home directory.

To run it, the user in question must be logged out and own no processes. The best way to achieve this is to log the user out, log into a console as the root user, and check that ps -U username returns no output.",

2. I tried multiple ways to achieve that, including rebooting & toggling to TTY without actually logging into Plasma first, but every time the following Source steps failed as there were still several processes owned by me. Eventually i deduced this way, & it worked:
a. Log in to normal desktop as me.
b. Create a second User, also Admin.
c. Reboot
d. At standard Login screen [now containing both Users], toggle to TTY, & therein, login as the new 2nd User.
e. Proceed with the following steps.

3. Run [& follow ALL the onscreen instructions]:

Code:

# modprobe ecryptfs
# ecryptfs-migrate-home -u username

4. Voila.

5. Whereas Source says that User needs to perform additional steps to make this partition auto-mount, for me it has already become auto-mounting [& decrypting] on login, without any further action by me. Maybe that's a weakness of Arch?

[leszek]

Encryption support should not be available in calamares as it isn't working with the debian base. If it is that's a bug.