Why is /home/.ecryptfs missing inside a dd image of an LVM partition?

2

Disk Copy

2 months ago I backed up the 128G HDD of an old laptop with Ubuntu 16.04 on it, using dd:

# sudo dd if=/dev/sda of=/media/victor/blackWD/ss9backup.img conv=noerror bs=128k  status=progress

Then I wiped the laptop's 128G HDD and changed to a new laptop.

Today, I'd like to recover my old home folder from the dd image I made from the 128 HDD of the old laptop. I'm working from my new laptop (512G HDD), with Ubuntu 17.04 on it.

Mounting

Here is my 128G dd image stored on my external HDD (Western Digital 1TB):

# file /media/victor/blackWD/ss9backup.img
/media/victor/blackWD/ss9backup.img: DOS/MBR boot sector

I link the dd image onto a loopback device:

# losetup --partscan --find --show /media/victor/blackWD/ss9backup.img 
/dev/loop0

I check all losetup:

# losetup --all
/dev/loop0: [2049]:26922 (/media/victor/blackWD/ss9backup.img)

I fdisk the loop0:

# sudo fdisk -l /dev/loop0
Disk /dev/loop0: 119,2 GiB, 128035676160 bytes, 250069680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00026d62

Device       Boot  Start       End   Sectors  Size Id Type
/dev/loop0p1 *      2048    499711    497664  243M 83 Linux
/dev/loop0p2      501758 250068991 249567234  119G  5 Extended
/dev/loop0p5      501760 250068991 249567232  119G 8e Linux LVM

Indeed, my backed up HDD was partitioned using LVM. Here are some blkid details:

# blkid
/dev/loop0: PTUUID="00026d62" PTTYPE="dos"
/dev/loop0p1: UUID="77d30c72-6286-49b5-9954-10f7651ee5c2" TYPE="ext2" PARTUUID="00026d62-01"
/dev/loop0p5: UUID="nkDpfj-PptW-Zo21-GUPs-G6Ro-OdIT-0tFk6N" TYPE="LVM2_member" PARTUUID="00026d62-05"
/dev/nvme0n1: PTUUID="0e1db479-955c-4964-8587-823e6cb15c98" PTTYPE="gpt"
/dev/nvme0n1p1: UUID="3F7E-BC4A" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="b4138b1c-f47a-4dd2-922e-c632e2712136"
/dev/nvme0n1p2: UUID="fc71fdfa-77ff-4104-95f6-6499348f2490" TYPE="ext4" PARTUUID="2b783871-027c-4e97-8781-cfe7c67d52bb"
/dev/sda1: LABEL="blackWD" UUID="038764D1793B8A8D" TYPE="ntfs" PARTUUID="0008c009-01"

Now map the devices using kpartx:

# kpartx -a /dev/loop0

Check the result:

# sudo file -Ls /dev/mapper/*
/dev/mapper/control:           ERROR: cannot read `/dev/mapper/control' (Invalid argument)
/dev/mapper/loop0p1:           Linux rev 1.0 ext2 filesystem data (mounted or unclean), UUID=77d30c72-6286-49b5-9954-10f7651ee5c2
/dev/mapper/loop0p2:           DOS/MBR boot sector; partition 1 : ID=0x8e, start-CHS (0x1f,59,29), end-CHS (0x3ff,254,63), startsector 2, 249567232 sectors
/dev/mapper/loop0p5:           LVM2 PV (Linux Logical Volume Manager), UUID: nkDpfj-PptW-Zo21-GUPs-G6Ro-OdIT-0tFk6N, size: 127778422784
/dev/mapper/ubuntu--vg-root:   Linux rev 1.0 ext4 filesystem data, UUID=8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2 (needs journal recovery) (extents) (large files) (huge files)
/dev/mapper/ubuntu--vg-swap_1: data

Check the status of LVM partitions with lvdisplay:

# lvdisplay
--- Logical volume ---
  LV Path                /dev/ubuntu-vg/root
  LV Name                root
  VG Name                ubuntu-vg
  LV UUID                o20hjC-DEsi-Xtlb-z2J6-7Z1B-9tKl-4HzE17
  LV Write Access        read/write
  LV Creation host, time ubuntu, 2014-03-29 01:34:48 +0100
  LV Status              available
  # open                 0
  LV Size                111,29 GiB
  Current LE             28490
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:3

  --- Logical volume ---
  LV Path                /dev/ubuntu-vg/swap_1
  LV Name                swap_1
  VG Name                ubuntu-vg
  LV UUID                qhSxpL-pZAp-DUDi-aR7R-wCy1-w5JI-XCYNIn
  LV Write Access        read/write
  LV Creation host, time ubuntu, 2014-03-29 01:34:48 +0100
  LV Status              available
  # open                 0
  LV Size                7,71 GiB
  Current LE             1974
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:4

and vgdisplay:

# vgdisplay
  --- Volume group ---
  VG Name               ubuntu-vg
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               119,00 GiB
  PE Size               4,00 MiB
  Total PE              30464
  Alloc PE / Size       30464 / 119,00 GiB
  Free  PE / Size       0 / 0   
  VG UUID               1qtlsn-vTuS-xPkL-wqwP-Gxvc-LUcm-sd68LV

I activate the LVM partitions with vgchange:

# vgchange -a y ubuntu-vg
2 logical volume(s) in volume group "ubuntu-vg" now active

I mount the root partition:

# mount -t ext4 -o ro,noload /dev/ubuntu-vg/root /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2
# ls /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2
boot  dev  home  proc  root  run  sys  tmp  var

Problem

.ecryptfs is missing in the mounted LVM partition:

/home# ls -ahl /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/
total 12K
drwxr-xr-x  3 root   root   4,0K juin   2  2015 .
drwxr-xr-x 11 root   root   4,0K juin   2  2015 ..
dr-x------  2 victor victor 4,0K mars  29  2014 victor

whereas here is my current /home content:

/home# ls -ahl
total 24K
drwxr-xr-x  4 root   root   4,0K sept.  8 11:35 .
drwxr-xr-x 24 root   root   4,0K oct.  11 11:22 ..
drwxrwxr-x  3 root   root   4,0K sept.  8 11:35 .ecryptfs
drwx------ 41 victor victor  12K oct.  21 14:45 victor

And because this symlink didn't update:

# ls -ahl /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs
lrwxrwxrwx 1 victor victor 32 mars  29  2014 /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs -> /home/.ecryptfs/victor/.ecryptfs

these two outputs are equal:

# ls -ahl /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs/
total 20K
drwx------ 2 victor victor 4,0K sept.  8 11:48 .
drwxrwxr-x 4 victor victor 4,0K sept.  8 11:35 ..
-rw-rw-r-- 1 victor victor    0 sept.  8 11:35 auto-mount
-rw-rw-r-- 1 victor victor    0 sept.  8 11:35 auto-umount
-rw------- 1 victor victor   13 sept.  8 11:35 Private.mnt
-rw------- 1 victor victor   34 sept.  8 11:35 Private.sig
-rw------- 1 victor victor   58 sept.  8 11:35 wrapped-passphrase
-rw-r--r-- 1 victor victor    0 sept.  8 11:48 .wrapped-passphrase.recorded

and my current home:

# ls -ahl /home/victor/.ecryptfs
lrwxrwxrwx 1 victor victor 32 sept.  8 11:35 /home/victor/.ecryptfs -> /home/.ecryptfs/victor/.ecryptfs
# ls -ahl /home/.ecryptfs/victor/.ecryptfs
total 20K
drwx------ 2 victor victor 4,0K sept.  8 11:48 .
drwxrwxr-x 4 victor victor 4,0K sept.  8 11:35 ..
-rw-rw-r-- 1 victor victor    0 sept.  8 11:35 auto-mount
-rw-rw-r-- 1 victor victor    0 sept.  8 11:35 auto-umount
-rw------- 1 victor victor   13 sept.  8 11:35 Private.mnt
-rw------- 1 victor victor   34 sept.  8 11:35 Private.sig
-rw------- 1 victor victor   58 sept.  8 11:35 wrapped-passphrase
-rw-r--r-- 1 victor victor    0 sept.  8 11:48 .wrapped-passphrase.recorded

Where to look for the missing /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/.ecryptfs ?

HELP WOULD BE VERY APPRECIATED!

I have some very important files and memory pictures on the dd image...

Sulliwane

Posted 2017-10-21T14:54:05.197

Reputation: 121

I don't know the details of ecryptfs at all but a quick network search makes me suspect /home/.ecryptfs may be just a (semi-temporary?) mountpoint. It looks like your current setup is very similar to the old one. What is the output of mount in your current OS? This may give us some clue. – Kamil Maciorowski – 2017-10-28T21:02:45.033

Did you run find on the mounted image? Find anything named .ecryptfs or *Private*? What's in [image]/home/victor? Before making the backup & wiping the disk, did you try booting the old 16.04 & confirm that the home was actually encrypted? From here it looks like it might be just a regular non-encrypted home. Or was the dd image of the drive made while the drive itself was booted & running Ubuntu? – Xen2050 – 2017-11-30T11:39:28.497

Answers

0

It looks like you didn't have a fully encrypted home, just a single encrypted directory (.Private) inside your home, probably created with ecryptfs-setup-private.

Supporting this is the /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs/ folder and its contents, which look identical (plus a mystery zero byte .wrapped-passphrase.recorded) to what happens when you run ecryptfs-setup-private on a new unencrypted user.

If there is a /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.Private directory I'd say it confirms this.

All you should need to do to decrypt your old files is have your old passphrase ready and run

ecryptfs-recover-private /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.Private

Xen2050

Posted 2017-10-21T14:54:05.197

Reputation: 12 097
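
The symlink listing in the question shows an absolute target (/home/.ecryptfs/victor/.ecryptfs), which a plain ls on the mounted image follows on the running system rather than inside the image. As an added example (not part of the original posts), the shell functions below re-root such targets under the image mount point and classify the eCryptfs layout found there; the function names, the layout labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Resolve a path as the imaged system would: absolute symlink targets are
# re-rooted under the image mount point instead of the live "/".
# Only the final path component is followed; ".." in targets is not normalised.
resolve_in_image() {
    root=${1%/}; path=$2; hops=0
    while [ -L "$root$path" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || return 2           # symlink loop guard
        target=$(readlink "$root$path")
        case $target in
            /*) path=$target ;;                   # absolute: keep it inside the image
            *)  path=$(dirname "$path")/$target ;;
        esac
    done
    printf '%s\n' "$root$path"
}

# Classify the eCryptfs layout of one user inside a mounted image (hypothetical labels):
#   encrypted-home : ciphertext is in <root>/home/.ecryptfs/<user>/.Private
#   dangling       : ~/.Private or ~/.ecryptfs is a symlink whose target is not in the image
#   private-dir    : ~/.Private is a real directory (ecryptfs-setup-private style)
#   none           : no eCryptfs metadata found
ecryptfs_layout() {
    img=${1%/}; user=$2
    if [ -d "$img/home/.ecryptfs/$user/.Private" ]; then
        echo encrypted-home; return
    fi
    for name in .Private .ecryptfs; do
        link="/home/$user/$name"
        if [ -L "$img$link" ]; then
            [ -e "$(resolve_in_image "$img" "$link")" ] || { echo dangling; return; }
        fi
    done
    if [ -d "$img/home/$user/.Private" ] && [ ! -L "$img/home/$user/.Private" ]; then
        echo private-dir; return
    fi
    echo none
}

# Constructed stand-in for the mounted image, mirroring the listing in the question.
sample=$(mktemp -d)
mkdir -p "$sample/home/victor"
ln -s /home/.ecryptfs/victor/.ecryptfs "$sample/home/victor/.ecryptfs"
resolve_in_image "$sample" /home/victor/.ecryptfs
ecryptfs_layout "$sample" victor
```

On the real image the first argument would be the read-only mount point, for example /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2.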