Change "zpool create" to a more feature-rich option set with an improved encryption algorithm
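#!/usr/bin/env bash
# Install Ubuntu onto a natively encrypted ZFS root from the LiveCD: run the
# Ubiquity installer against a temporary ZVOL, rsync the result into the real
# root dataset, then fix fstab/grub inside a chroot and install the bootloader.
#
# Run as root (sudo -i). Every step below is destructive to $DISK.
#
# Tunables (override through the environment; defaults match the original):
#   DISK       whole disk receiving the BIOS-boot, /boot and pool partitions
#   BOOT_PART  /boot partition (ext4)      POOL_PART  partition for the zpool
# NVMe-style names need a 'p' separator (/dev/nvme0n1p2), so set the two
# partition variables explicitly for such disks.
set -euo pipefail

DISK=${DISK:-/dev/vda}
BOOT_PART=${BOOT_PART:-${DISK}2}
POOL_PART=${POOL_PART:-${DISK}3}
# Root dataset of the new install. Until the final `zfs set mountpoint=/`
# it is mounted under the pool's default mountpoint, i.e. at /$ROOT_DS.
ROOT_DS=rpool/ROOT/ubuntu-1
TARGET_ROOT=/$ROOT_DS
readonly DISK BOOT_PART POOL_PART ROOT_DS TARGET_ROOT

# Prepare LiveCD Environment
# The ZFS packages come from a third-party PPA (jonathonf), not the Ubuntu
# archive; its signing key and maintainer are being trusted for the kernel
# module on the installed system too (the same PPA is added in the chroot
# below). Use the archive's own zfs packages if that trust is unwanted.
add-apt-repository -y ppa:jonathonf/zfs
apt install -y zfs-dkms
systemctl stop zfs-zed.service
# Reload the module, presumably so the freshly built DKMS module replaces
# whatever the LiveCD had loaded -- zed must be stopped first.
modprobe -r zfs
modprobe zfs

# Manually Partition Disk
# Partition 2: 2 GiB ext4 for an unencrypted /boot (grub-probe does not cope
# with the encrypted pool, see the 10_linux fix below).
# Partition 3: the remainder, Solaris-reserved type BF07, for the pool.
sgdisk -n2:1M:+2G -t2:8300 "$DISK"
# mkfs.ext4 explicitly: the fstab entry written later declares /boot as ext4,
# whereas a bare `mkfs` falls back to ext2.
mkfs.ext4 "$BOOT_PART"
sgdisk -n3:0:0 -t3:BF07 "$DISK"

# Create pool
# Native ZFS encryption with AES-256-GCM. keyformat=passphrase /
# keylocation=prompt: the passphrase is asked for interactively now and on
# every later import, which zfs-initramfs (installed in the chroot) is
# expected to handle at boot -- confirm on first reboot.
zpool create -o ashift=12 -O compression=lz4 -O relatime=on -O dnodesize=auto -O recordsize=1M -O xattr=sa -O normalization=formD -O acltype=posixacl -O encryption=aes-256-gcm -O keylocation=prompt -O keyformat=passphrase rpool "$POOL_PART"

# Create temp ZVOL, and run ubiquity installer
zfs create -V 10G rpool/ubuntu-temp
ubiquity --no-bootloader #(install to /dev/zd0)

# Create root dataset and boot mountpoint, mount /boot and rsync
zfs create rpool/ROOT
zfs create "$ROOT_DS"
mkdir "$TARGET_ROOT/boot"
mount "$BOOT_PART" "$TARGET_ROOT/boot"
# -X keeps extended attributes (the pool uses xattr=sa / posixacl); the
# installer's swapfile is left behind on purpose.
rsync -avPX --exclude '/swapfile' /target/. "$TARGET_ROOT/."

# Turn off swap and destroy temp ZVOL, set up chroot and enter chroot
swapoff -a
umount /target
zfs destroy rpool/ubuntu-temp
for d in proc sys dev; do
  mount --bind "/$d" "$TARGET_ROOT/$d"
done
# DNS inside the chroot for the apt steps that follow.
cp /etc/resolv.conf "$TARGET_ROOT/etc/resolv.conf"

# Inside chroot, install zfs
chroot "$TARGET_ROOT" add-apt-repository -y ppa:jonathonf/zfs
chroot "$TARGET_ROOT" apt install -y zfs-dkms zfs-initramfs

# Fix fstab and grub defaults
sed -e '/\s\/\s/ s/^#*/#/' -i "$TARGET_ROOT/etc/fstab"   # Comment out / line
sed -e '/\sswap\s/ s/^#*/#/' -i "$TARGET_ROOT/etc/fstab" # Comment out swap line
# Add /boot line, keyed by UUID so it survives device renames.
boot_uuid=$(blkid -s UUID -o value "$BOOT_PART")
printf 'UUID=%s /boot ext4 noatime 0 2\n' "$boot_uuid" >> "$TARGET_ROOT/etc/fstab"
# Silence an error during grub-probe.
printf '%s\n' 'GRUB_DISABLE_OS_PROBER=true' >> "$TARGET_ROOT/etc/default/grub"

# In my case, vt_handoff kernel option sometimes blocks TTY prompt
# # Change vt_handoff="1" to "0" in /etc/default/grub
sed -i '/vt_handoff/ s/="[^"][^"]*"/="0"/' "$TARGET_ROOT/etc/grub.d/10_linux"
# grub-probe doesn't work to produce poolname with encryption enabled.
# Replaced with a "zdb -l" command: the substituted line makes 10_linux read
# the pool label from ${GRUB_DEVICE} at update-grub time and extract the
# single-quoted name from that output. The sed script is kept verbatim.
sed -i 's/.*fs_label*/\trpool=\`zdb -l ${GRUB_DEVICE} \| grep \" name\"\| grep -o \"\x27.*\x27\"\| sed \"s\/\x27\/\/g\"/' "$TARGET_ROOT/etc/grub.d/10_linux"

# Make grub.cfg and fix grub.cfg, make init, make bios_grub partition, install grub
chroot "$TARGET_ROOT" update-grub
chroot "$TARGET_ROOT" update-initramfs -u
# Partition 1: tiny BIOS boot partition (EF02) in the gap before partition 2.
chroot "$TARGET_ROOT" sgdisk -a1 -n1:512:2047 -t1:EF02 "$DISK"
chroot "$TARGET_ROOT" grub-install "$DISK"

# Unmount everything, set mountpoint, export pool and reboot
umount -R "$TARGET_ROOT"
zfs set mountpoint=/ "$ROOT_DS"
zpool export rpool
# Restart computer
# shutdown -r 0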
@ghfields: Ok, that Ubiquity hack worked totally brilliantly! Thanks!