Results 1 to 2 of 2

Thread: How to install 42.3 from scratch but keep separate encrypted /home partition?

  1. #1

    Question How to install 42.3 from scratch but keep separate encrypted /home partition?

    I have an openSuSE 42.2 installation on a btrfs partition, with a separate encrypted /home partition using xfs.
    I want to do a fresh install-from-scratch (NOT an in-place upgrade; see [1], below) 42.3 installation while keeping my existing /home partition, and I'm having trouble making that happen.

    I boot into the official openSuSE 42.3 installation DVD, run through the initial prompts, provide the password to unlock the encrypted partition, go into Expert Partioning, and *try* to set everything up as I envision - reformatting my system partition as btrfs with snapshots enabled, and NOT formatting my xfs /home partition but still having it mounted under /home.
    On this last step, the partitioner prompts me for a password for the encrypted partition, but then returns with this error (whether I give it the existing password or a new one):
    Error
    Could not set encryption.
    System error code is -3016.
    The encryption password could be incorrect.
    And there does not appear to be any way to bypass this error and proceed anyway. Also web-searches for that error code have so far been fruitless.
    (The partitioner would let me proceed if I reformatted the partition, but I'm only willing to do that as a last resort, after copying everything off, and then later copying most of it back in...)
    Can anyone offer any good suggestions of how to accomplish what I'm trying to do?

    Note that I am also willing to approach this issue in a different way, by letting the installer simply put /home directly within the system btrfs partition, and then later manually overriding that setup myself, and specifying the existing encrypted partition to be mounted under /home.
    However, I would need some guidance on that approach as well, because I am (so far) not entirely clear on how /etc/fstab, /dev/mapper, /sbin/mount.crypt[o]_LUKS, and grub2 all interact to prompt me for the encryption password and then mount the encrypted partition under /home.


    [1] Reason for wanting a fresh install rather than in-place upgrade:
    https://doc.opensuse.org/release-not...rade.btrfsleak
    The permanent fix for the btrfs-snapshot disk-space leak requires reformatting.

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,681
    Blog Entries
    3

    Default Re: How to install 42.3 from scratch but keep separate encrypted /home partition?

    Boot the installer.

    At some stage (soon after the license) it should ask for the encryption key for "/home", except that it might say something other than "/home" (maybe something like "/dev/sd5" or whatever). Provide that encryption as requested.

    Continue until you get to the partitioning proposal. There should be an option, toward the bottom of the screen, for something like "Create partitioning" (I'm not sure of the exact wording, but this is distinct from expert partitioner). Click that.

    That should give you a list of all existing partitions. You can assign them as you want. If there is now on option, near the bottom of the screen, for "Import mount points" (or something similar with the word "import") then click that. It should list a linux system and tell you want the mount points are for that existing linux system. If you have more than one on your computer, you can cycle through them. Select the one that you want.

    Alternatively, at this point, you can right click on any partition and select "Edit". That will allow you to change how that partition is used.

    I'm not sure if this helps, since your problem seems to be with the encryption. If you still run into that problem, then check whether you can access the partition when booting from live media booting the DVD to rescue mode. If the partition is LUKS encrypted, then the command to access it from the command line is something like:
    Code:
    cryptsetup luksOpen /dev/sda5 cr_sda5
    except change "/dev/sda5" to whatever the correct device is. The "cr_sda5" that I listed there is just a symbolic name, and can be anything that does not cause a name conflict. If you are using something other than LUKS encryption, then you will need to find out the appropriate command to access the partition.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •