Testing refracta2usb-2.0 with encrypted persistent volumes.
If you create an encrypted volume for persistence (partition or loopback file)
the script checks the initrd to see if it contains askpass. A warning is issued
if it's missing.
Made live-usb on jessie (mydevuan - devuan/angband/exegnu from a devuan debootstrap install)
Added the following live systems with the following results:
refracta-7.8 amd64
With persistent encrypted loopback file, got no warning
Booted with the entry for persistence. No password during boot, persistent volume not mounted, no r/w for user or root.
Added patched initrd. Got password prompt, persistence and root r/w media.
Added mountmode=rw,noatime and user gets r/w media.
(Note: got the same results with refracta-7.2 i386)
jessie-sysv i386
With persistent encrypted loopback file, with Warning
Booted persistence, got no password, persistent volume not mounted, but root has r/w media
Ran update-init-crypt.sh during the live session to update the initrd with cryptsetup.
Rebooted with updated initrd, got password prompt, persistence works, root has r/w media.
exegnu-refracta amd64
With persistent encrypted loopback file, with Warning
Booted persistence, no password, persistent volume not mounted, root has r/w media.
Added patched initrd. persistent volume not mounted. Sorry, I think my notes are wrong about who has r/w media, so that's not included here. In previous tests, I'm pretty sure r/w worked properly. Also, in previous tests I updated the initrd to get encrypted persistence to work.
mydevuan (added cryptsetup to initrd before creating the snapshot)
With persistent encrypted loopback file, got no warning.
Boot persistence, got password prompt, persistence and root r/w media.
Replaced the syslinux folder and mbr code with wheezy versions and retested persistence.
jessie-sysv still works with the updtaed initrd.
refracta-7 still works with the patched initrd.
mydevuan still works with the original initrd.
Looks like the preferred method (with isos made from jessie) is to add cryptsetup to the initrd before making the snapshot.
If you get the initrd warning with a wheezy-based iso, I think you'll need to patch the initrd, boot the persistence entry, update the initrd, boot back to the installed system and patch the updated initrd.
Anyway, I think it's about ready for prime time. Here a beta deb -
http://sourceforge.net/projects/refract ... b/downloadKnown or probable issues/bugs:
Some of the tasks end without a notification that says the task completed, which could be confusing at times.
Some of the messages about when you need to use a patched initrd might be wrong.
If you run patch-initrd after adding a live system, you'll need to Rescan, because the usb is still mounted. The error message now suggests a Rescan.
UNTESTED: Doing all this stuff while running in a live session (i.e. using a live-usb to create another live-usb or possibly adding another live system to the same usb.)