Migrating from Debian Bookworm to Devuan Daedalus on the Libre Computer "Renegade" Single Board Computer

ISSUED: 2023-11-19
EDITED: 2023-12-07

📢 this gemlog is part of series use the link below to go the main menu!

=> Make a StealthBox with Devuan and Libre Computer Renegade

⚠️ To follow this walk-through you need to read in order the following gemlogs:

=> Install Debian on Libre Computer "Renegade" with encrypted filesystem | Setup Dropbear to unlock Debian on the Libre Computer "Renegade" over your Local Network

Intro

Finally I landed on my favorite part of this series of gemlogs, the one where I can… Finally… (breathing…)

📢 📢 📢 GET RID OF SYSTEMDDDDDDDDDDDDDDDDDDDD 🎇 🎇 🎇

This is absolutely amazing! 🍾 🍾 🍾

I have dreamed for years to use any operative system without systemd on my boards and now it is a reality! 😭

This is why I remarked how it was very important the fact that at Libre Computer were able to run a stock Debian instead of some arguable rearrangement… Kudos to them!

As a matter of fact, this allowed me to migrate the system from Debian to Devuan!

Why didn't you bootstrap into Devuan directly?

Well there are two reasons why I didn't pursue what, based on my opening, sounded more predictable:

• 1. Some people would prefer to use Debian because systemd and this allows them to install Debian on an encrypted file-system (and I feel sorry for them 😔).
• 2. Technically speaking bootstrapping Devuan would had increased the amount of pebcak and prevented the former point.

What else?

My steps to migrate from Bookworm to Daedalus are almost a carbon-copy of the original documentation plus some tweaks!

=> Devuan.org: Migrate from Debian Bookworm to Daedalus [1]

I reported it just for the sake of the Gemini readers… 🤗

Some additional preps

Add a regular user

I already created my USER and added the USER to the SUDO group:

adduser

Create you user and…

adduser YOUR-USER sudo

And now a simple log-out log-in as your NEW-USER to apply the changes

Modify /etc/dropbear/initramfs/dropbear.conf

⚠️ The migration breaks the dropbear-initramfs it is recommended to have, at least, a keyboard nearby to unlock ROOT

This change should avoid to connect the keyboard to unlock the partition directly from the board.

sudo micro /etc/dropbear/initramfs/dropbear.conf

and change from this:

DROPBEAR_OPTIONS="-p 222 -c cryptroot-unlock"

to this

DROPBEAR_OPTIONS="-p 222"
# -c cryptroot-unlock"

I commented the "-c cryptroot-unlock" that isn't going to work.

Last command before to start:

sudo update-initramfs -u

Starting the "manual" procedure!

⚠️ The migration requires a reboot around step 7

Before to start type: sudo -s to get administration privileges!

1. Modify the repositories: /etc/apt/sources.list

From:

deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

to:

deb http://deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
deb http://deb.devuan.org/merged daedalus-backports main contrib non-free non-free-firmware

2. Update the new repository

apt-get update --allow-insecure-repositories

It will complain but it will be fixed the next step.

3. Install the Devuan keyring

apt-get install devuan-keyring --allow-unauthenticated

4. Update & upgrade the repositories and the packages

apt-get update

⚠️ be careful NOT to use dist-upgrade here (cit. [1])

apt-get upgrade

5. Inoculate the anti-systemd vaccine

⚠️ Do not install RUNIT; it caused a lot of problem with the network interfaces that were solved after replacing RUNIT with OpenRC

apt-get install eudev openrc

6. Second shoot

apt-get -f install

7. Reboot the board (🤞)

A reboot is required to change sysvinit (runit…) to pid1 (cit [1]).

reboot

7.1 Unlock the board from SSH

If you are doing then migration headless you need to follow a temporarily work-around, here the steps:

• nix:
• ssh -i .ssh/unlock_luks -O "HostKeyAlgorithms ssh-rsa" -p 222 root@[your-assigned-ip] -v

Windows

• ssh -i ..ssh\unlock_luks -O "HostKeyAlgorithms ssh-rsa" -p 222 root@[your-assigned-ip] -v

Inside BUSYBOX:

touch /cryptroot/crypttab
cryptroot-unlock

Prompt the passphrase!

8. Detox the system

Now perform the migration proper. (cit. [1])

sudo apt-get dist-upgrade

9. Get rid off systemd for ever

sudo apt-get purge systemd libnss-systemd

10. Still detoxing

apt-get autoremove --purge

sudo apt-get autoclean

11. Final blow (update)

Unfortunately the standard procedure was unable to remove completely systemd thus libsystemd0 was still there, removing it is a bit convoluted:

sudo aptitude install elogind libpam-elogind policykit-1 --without-recommends
The following NEW packages will be installed:
  elogind libduktape207{a} libelogind0{a} libpam-elogind{b} 
  libpolkit-agent-1-0{a} libpolkit-gobject-1-0{a} 
  libpolkit-gobject-elogind-1-0{a} pkexec{a} policykit-1 
  polkitd{a} sgml-base{a} xml-core{a} 
The following packages are RECOMMENDED but will NOT be installed:
  gnome-flashback gnome-shell lxpolkit lxqt-policykit 
  mate-polkit phosh policykit-1-gnome polkit-kde-agent-1 
  polkitd-pkla ukui-polkit 
0 packages upgraded, 12 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,418 kB of archives. After unpacking 5,246 kB will be used.
The following packages have unmet dependencies:
 dummy-logind : Conflicts: logind which is a virtual package, provided by:
                           - libpam-elogind (246.10-5), but 246.10-5 is to be installed
                           - dummy-logind (246.10-5), but 246.10-5 is installed

 libpam-elogind : Depends: libelogind-compat but it is not going to be installed
The following actions will resolve these dependencies:

     Remove the following packages:                
1)     dummy-logind [246.10-5 (now, stable)]       
2)     libsystemd0 [252.17-1~deb12u1 (now, stable)]

     Install the following packages:               
3)     libelogind-compat [246.10-5 (stable)]

Accept this solution? [Y/n/q/?] y
The following NEW packages will be installed:
  elogind libduktape207{a} libelogind-compat{a} libelogind0{a} 
  libpam-elogind libpolkit-agent-1-0{a} 
  libpolkit-gobject-1-0{a} libpolkit-gobject-elogind-1-0{a} 
  pkexec{a} policykit-1 polkitd{a} sgml-base{a} xml-core{a} 
The following packages will be REMOVED:
  dummy-logind{a} libsystemd0{a} 
The following packages are RECOMMENDED but will NOT be installed:
  gnome-flashback gnome-shell lxpolkit lxqt-policykit 
  mate-polkit phosh policykit-1-gnome polkit-kde-agent-1 
  polkitd-pkla ukui-polkit 
0 packages upgraded, 13 newly installed, 2 to remove and 0 not upgraded.
Need to get 1,425 kB of archives. After unpacking 4,307 kB will be used.
Do you want to continue? [Y/n/?] y

Aptitude will resolve it leaving some packages with missing dependencies:

util-linux depends on libsystemd0.
ppp depends on libsystemd0.
lvm2 depends on libsystemd0 (>= 233).
libwebkit2gtk-4.1-0:arm64 depends on libsystemd0.
libwebkit2gtk-4.0-37:arm64 depends on libsystemd0.
libvte-2.91-0:arm64 depends on libsystemd0 (>= 220).
libseat1:arm64 depends on libsystemd0 (>= 238).
libpulse0:arm64 depends on libsystemd0.
liblvm2cmd2.03:arm64 depends on libsystemd0 (>= 233).
libjavascriptcoregtk-4.1-0:arm64 depends on libsystemd0.
libjavascriptcoregtk-4.0-18:arm64 depends on libsystemd0.
libgnome-desktop-3-20:arm64 depends on libsystemd0.
gnome-keyring depends on libsystemd0.
gcr depends on libsystemd0.
bsdutils depends on libsystemd0.
at-spi2-core depends on libsystemd0.

⚠️ In a different time you may find some of these libraries slightly updates

Reinstalling them but util-linux and bsdutils and adding cryptsetp, cryptsetup-initramfs and dropbear should fix it:

sudo aptitude reinstall ppp lvm2 libwebkit2gtk-4.1-0 libwebkit2gtk-4.0-37  libvte-2.91-0 libseat1 libpulse0 liblvm2cmd2.03 libjavascriptcoregtk-4.1-0 libjavascriptcoregtk-4.0-18 libgnome-desktop-3-20 gnome-keyring gcr at-spi2-core cryptsetup cryptsetup-initramfs dropbear-initramfs

For some reasons util-linux and bsdutils cannot be reinstalled, but if you run the command for fixing packages issues it won't find anything to fix:

sudo apt install -f -s
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Check to see if systemd is still there:

apt list --installed | grep systemd

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libsystemd-shared/stable,now 252.17-1~deb12u1 arm64 [installed]

OH-MY-GOSH!!! 😱

It is resilient like a parasite!!! 😩

Luckily it can be remove without fear!!! 💪

sudo apt purge libsystemd-shared

Completely removed! 🙏

💡 Congratulation you finally removed systemd! 👏 👏 👏

Fixing Dropbear

⚠️ This workaround will modify a system file, you do this at your own risk!

Our hero OP (GMID and Telescope author), suggested a tip to fix the broken script:

sudo micro /usr/share/cryptsetup/initramfs/bin/cryptroot-unlock

💡 Copy the first line, paste it above and comment it with a # before, then make the changes to the line below

Modify this block:

if [ ! -f "$TABFILE" ] || [ "$TABFILE" -ot "/proc/1" ]; then
	# Too early, init-top/cryptroot hasn't finished yet
	echo "Try again later" >&2
	exit 1
fi

into:

if [ ! -f "$TABFILE" ] ; then
	# Too early, init-top/cryptroot hasn't finished yet
	echo "Try again later" >&2
	exit 1
fi

Basically this is what should be removed:

|| [ "$TABFILE" -ot "/proc/1" ]

Update the initramfs:

update-initramfs -u

Tweaks

This section couldn't miss! 😎

Update the entries in the GRUB menu

dpkg-reconfigure grub-efi-arm64

it will be prompt some questions, mostly are default, what you have to care are:

• Install grub on the extra path
• Install grub on the NVRAM

After that you can update grub:

update-grub

Get correct information from Screenfetch/Neofetch

sudo aptitude remove base-files

Don't remove but downgrade the package!

Modify CPU scaling

sudo apt install cpufrequtils

sudo micro /etc/default/cpufrequtils

Paste inside:

# valid values: userspace conservative powersave ondemand performance
# get them from cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors 
GOVERNOR="ondemand"

Caveats: /boot/efi not mounted

Since the OS boot and work properly even if that partition is not mount — as a matter of fact GRUB must be installed in the "extra media path" — I am not even sure having that partition mounted is actually needed as in a x86 installation. Since the partition it is not required to boot it can be mount later thanks to CRONTAB and the @reboot macro!

⚠️ This operation must be performed as root or with sudo

sudo crontab -e

and add:

@reboot mount /dev/disk/by-label/EFI /boot/efi

Wrapping this up

⚠️ Several issues caused by runit started to appear the day after I issued this gemlog. Therefore I made some updates: 1. I replaced runit with openrc, I also added a new section "CAVEATS" with further tuning.

Now I got my Devuan since this board doesn't get official support from FreeBSD and OpenBSD either. For me is a great improvement, I already got decent performance and better usability respect Armbian, Devuan is way more lighter and the lack of systemd make the use and the maintenance of the OS much easier.

This gemlog close the series and now I can finally prepare the main true topic; I haven't decided yet if fitting everything into one big gemlog or if creates the main one and a fourth auxiliary gemlog.

That's all, please should you find any typos or other mistakes do not hesitate to contact me by email! 🙏

────────────

For comments or suggestion write me at:

=> freezr AT disroot DOT org

=> ↩ go back