Fedora Bootstrap Installation
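# Fedora bootstrap onto a LUKS2-encrypted root, booted from a unified kernel
# image (UKI) with no GRUB. This is an interactive walkthrough, not a script to
# run in one go: `sudo -i`, `chroot`, `exit` and `reboot` each change the shell
# the following commands are typed into.

# Become root and switch SELinux to permissive for this live session
sudo -i -u root
setenforce 0

# Set environment vars like which disk to install to.
# These are set *after* `sudo -i`: unexported variables from the previous
# shell are not visible in the root login shell, and an empty DISK would make
# the partitioning commands below run without a device argument.
DISK="/dev/nvme0n1"
RELEASE=40

# Reset partition table and create new one.
# DESTRUCTIVE: wipes every signature on DISK. Check the device with `lsblk`
# first; ${DISK:?} aborts the command if the variable is empty or unset.
wipefs -a "${DISK:?}"
parted "${DISK:?}" mklabel gpt mkpart EFI fat32 1 1001MiB set 1 esp on mkpart SYS 1001MiB 100%

# Create filesystems (the "p1"/"p2" suffixes assume NVMe-style partition names)
mkfs.fat -F 32 "${DISK}p1"
# luksFormat prompts for the passphrase interactively.
# NOTE(review): in XTS mode the key is split into two halves, so
# --key-size 256 yields AES-128; use --key-size 512 if AES-256 is intended.
cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --pbkdf argon2id "${DISK}p2"
cryptsetup luksOpen "${DISK}p2" crypto_root
mkfs.ext4 -m0 /dev/mapper/crypto_root # -m0 reserves 0 percent for root user

# Prepare for installation
mount /dev/mapper/crypto_root /mnt
mkdir -p /mnt/boot/efi
mount "${DISK}p1" /mnt/boot/efi
udevadm trigger # Why do I do this?
mkdir -p /mnt/{proc,sys,dev/pts}
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -B /dev /mnt/dev
mount -t devpts pts /mnt/dev/pts

# Install core system
dnf --installroot=/mnt --releasever="$RELEASE" groupinstall -y core
dnf --installroot=/mnt install -y glibc-langpack-en

# Copy resolv.conf so name resolution works inside the chroot
mv /mnt/etc/resolv.conf /mnt/etc/resolv.conf.back
cp /etc/resolv.conf /mnt/etc/resolv.conf

# Generate /etc/fstab
dnf install -y arch-install-scripts
genfstab -U /mnt >> /mnt/etc/fstab # Afterwards, edit the file and remove the entry for zram

# chroot into new system
chroot /mnt /bin/bash
# The chroot shell is a new process, so the disk has to be named again here.
# It must be the same device that was partitioned above.
DISK="/dev/nvme0n1"
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
# Installation ran with SELinux permissive; schedule a full relabel on next boot.
fixfiles -F onboot
dnf install -y efi-filesystem efibootmgr fwupd kernel dracut binutils systemd-boot cryptsetup

# Prepare all steps for UKI construction and proper decryption procedure.
# "none" in crypttab means no key file: the passphrase is asked for at boot.
echo "crypto_root UUID=$(cryptsetup luksUUID "${DISK}p2") none" > /etc/crypttab
echo "kernel_cmdline=\"root=UUID=$(blkid -s UUID -o value /dev/mapper/crypto_root) ro rd.luks.name=$(blkid -s UUID -o value "${DISK}p2")=crypto_root rhgb quiet\"" > /etc/dracut.conf.d/cmdline.conf

# Write the UKI rebuild helper.
# The delimiter is quoted ('EOF') so the body is written literally. With an
# unquoted delimiter the chroot shell expands $(...) and $kernel_version while
# writing the file: the kernel version gets frozen at install time and every
# later $kernel_version becomes an empty string.
cat << 'EOF' > /usr/bin/update_uki.sh
#!/bin/bash
# Rebuild the unified kernel image for the newest installed kernel.
# Stop on the first failed step so a half-copied kernel is never packaged.
set -eu

printf '\nI: Updating unified kernel image...\n'
# Newest (by mtime) non-debug directory under /lib/modules.
kernel_version=$(ls -1rt /lib/modules | grep -v "debug" | tail -n1)
if [ -z "$kernel_version" ]; then
  printf 'E: No kernel found under /lib/modules\n' >&2
  exit 1
fi
printf 'I: New kernel version is %s\n' "$kernel_version"

printf 'I: Copying old image as backup\n'
if [ -e /boot/efi/EFI/fedora/unified_kernel.efi ]; then
  cp /boot/efi/EFI/fedora/unified_kernel.efi /boot/efi/EFI/fedora/unified_kernel_old.efi
  mv /boot/efi/EFI/fedora/unified_kernel.efi "/boot/efi/EFI/fedora/unified_kernel_$(uname -r).efi"
fi

printf 'I: Moving files to /boot\n'
cp "/lib/modules/$kernel_version/vmlinuz" "/boot/vmlinuz-$kernel_version"
cp "/lib/modules/$kernel_version/config" "/boot/config-$kernel_version"
cp "/lib/modules/$kernel_version/System.map" "/boot/System.map-$kernel_version"

# Build new kernel image
dracut --uefi --kver="$kernel_version" /boot/efi/EFI/fedora/unified_kernel.efi
EOF
# Writable by root only: the dnf hook configured at the end runs this file as root.
chmod 0744 /usr/bin/update_uki.sh

# NOTE(review): efibootmgr documents --disk as the whole disk and --part as the
# partition number (default 1); a partition node is passed here. Confirm the
# created entry with `efibootmgr -v`.
efibootmgr --quiet --create --disk "${DISK}p1" --label "Fedora UKI" --loader /EFI/fedora/unified_kernel.efi
systemd-firstboot --prompt
passwd
update_uki.sh # Force-rebuild
# NOTE(review): the UKI lives on the unencrypted ESP and nothing in this
# procedure signs it, so kernel, initramfs and command line are not
# integrity-protected at boot unless Secure Boot signing is set up separately.
exit # exit chroot
umount -n -R /mnt
reboot

# After the reboot, log in as root.
# Remove grub
rm /etc/dnf/protected.d/*grub*
dnf remove -y grubby grub2\*
rm -rf /boot/grub2
useradd -mG wheel meep
passwd meep
exit

# login as user
sudo -i -u root
dnf groupinstall -y "Fedora Workstation"
reboot

# Login as user, then become root again: the steps below write under /etc
sudo -i -u root
dnf update
dnf install python3-dnf-plugins-post-transaction-actions.noarch
# Rebuild the UKI after any transaction that touches kernel-core.
echo "kernel-core.x86_64:any:/usr/bin/update_uki.sh" > /etc/dnf/plugins/post-transaction-actions.d/kernel_upgrade.action

# Follow post-install guide like here: https://github.com/devangshekhawat/Fedora-40-Post-Install-Guide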