@ghfields
Last active February 16, 2022 03:36
Change "zpool create" to more feature rich set with improved encryption algorithm
# Run as root
# sudo -i
# Prepare LiveCD Environment
add-apt-repository -y ppa:jonathonf/zfs
apt install -y zfs-dkms
systemctl stop zfs-zed.service
modprobe -r zfs
modprobe zfs
# Manually Partition Disk
sgdisk -n2:1M:+2G -t2:8300 /dev/vda
mkfs.ext4 /dev/vda2 # /boot is mounted as ext4 in fstab below, so create it as ext4 explicitly
sgdisk -n3:0:0 -t3:BF07 /dev/vda
# Create pool
zpool create -o ashift=12 -O compression=lz4 -O relatime=on -O dnodesize=auto -O recordsize=1M -O xattr=sa -O normalization=formD -O acltype=posixacl -O encryption=aes-256-gcm -O keylocation=prompt -O keyformat=passphrase rpool /dev/vda3
# Create temp ZVOL, and run ubiquity installer
zfs create -V 10G rpool/ubuntu-temp
ubiquity --no-bootloader #(install to /dev/zd0)
# Create root dataset and boot mountpoint, mount /boot and rsync
zfs create rpool/ROOT
zfs create rpool/ROOT/ubuntu-1
mkdir /rpool/ROOT/ubuntu-1/boot
mount /dev/vda2 /rpool/ROOT/ubuntu-1/boot
rsync -avPX --exclude '/swapfile' /target/. /rpool/ROOT/ubuntu-1/.
# Turn off swap and destroy temp ZVOL, set up chroot and enter chroot
swapoff -a
umount /target
zfs destroy rpool/ubuntu-temp
for d in proc sys dev; do mount --bind /$d /rpool/ROOT/ubuntu-1/$d; done
cp /etc/resolv.conf /rpool/ROOT/ubuntu-1/etc/resolv.conf
# Inside chroot, install zfs
chroot /rpool/ROOT/ubuntu-1 add-apt-repository -y ppa:jonathonf/zfs
chroot /rpool/ROOT/ubuntu-1 apt install -y zfs-dkms zfs-initramfs
# Fix fstab and grub defaults
sed -e '/\s\/\s/ s/^#*/#/' -i /rpool/ROOT/ubuntu-1/etc/fstab #Comment out / line
sed -e '/\sswap\s/ s/^#*/#/' -i /rpool/ROOT/ubuntu-1/etc/fstab #Comment out /swap line
echo UUID=$(blkid -s UUID -o value /dev/vda2) /boot ext4 noatime 0 2 >> /rpool/ROOT/ubuntu-1/etc/fstab # Add /boot line
echo 'GRUB_DISABLE_OS_PROBER=true' >> /rpool/ROOT/ubuntu-1/etc/default/grub # Silence an error during grub-probe
# In my case, vt_handoff kernel option sometimes blocks TTY prompt
# Change vt_handoff="1" to "0" in /etc/default/grub
sed -i '/vt_handoff/ s/="[^"][^"]*"/="0"/' /rpool/ROOT/ubuntu-1/etc/grub.d/10_linux
# grub-probe doesn't work to produce poolname with encryption enabled. Replaced with "zdb -l" command
sed -i 's/.*fs_label*/\trpool=\`zdb -l ${GRUB_DEVICE} \| grep \" name\"\| grep -o \"\x27.*\x27\"\| sed \"s\/\x27\/\/g\"/' /rpool/ROOT/ubuntu-1/etc/grub.d/10_linux
# Make grub.cfg and fix grub.cfg, make init, make bios_grub partition, install grub
chroot /rpool/ROOT/ubuntu-1 update-grub
chroot /rpool/ROOT/ubuntu-1 update-initramfs -u
chroot /rpool/ROOT/ubuntu-1 sgdisk -a1 -n1:512:2047 -t1:EF02 /dev/vda
chroot /rpool/ROOT/ubuntu-1 grub-install /dev/vda
# Unmount everything, set mountpoint, export pool and reboot
umount -R /rpool/ROOT/ubuntu-1
zfs set mountpoint=/ rpool/ROOT/ubuntu-1
zpool export rpool
# Restart computer
# shutdown -r 0
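Added example (not part of the gist): a small post-reboot check that the encryption root of `rpool` really carries the properties the `zpool create` line above was meant to set. It parses the tab-separated output of `zfs get -H` so it can be run against captured output as well as live; the sample lines embedded below are constructed to mirror the expected state, and the function name `check_encryption_root` is this example's own.

```shell
#!/bin/sh
# Post-install verification of the ZFS encryption root. Example code, not
# part of the gist. Expects the output of:
#   zfs get -H -o name,property,value encryption,keyformat,keylocation,keystatus rpool
# Note: these are checked on the encryption root (rpool), not on the child
# dataset, because keylocation reads "none" on children.

# Return 0 when every property matches the intended configuration, 1 otherwise.
# Each mismatch is reported on stdout so the reason is visible.
check_encryption_root() {
    printf '%s\n' "$1" | awk -F'\t' '
        $2 == "encryption"  { enc = $3 }
        $2 == "keyformat"   { fmt = $3 }
        $2 == "keylocation" { loc = $3 }
        $2 == "keystatus"   { st  = $3 }
        END {
            bad = 0
            if (enc != "aes-256-gcm") { print "encryption is \"" enc "\", expected aes-256-gcm"; bad = 1 }
            if (fmt != "passphrase")  { print "keyformat is \"" fmt "\", expected passphrase"; bad = 1 }
            # keylocation=prompt means no key material is stored on disk
            if (loc != "prompt")      { print "keylocation is \"" loc "\", expected prompt"; bad = 1 }
            if (st != "available")    { print "keystatus is \"" st "\", key is not loaded"; bad = 1 }
            exit bad
        }'
}

# Constructed sample matching what the zpool create line should produce.
SAMPLE_GOOD=$(printf 'rpool\tencryption\taes-256-gcm\nrpool\tkeyformat\tpassphrase\nrpool\tkeylocation\tprompt\nrpool\tkeystatus\tavailable')
# Constructed sample of an unencrypted pool, to show the failure path.
SAMPLE_BAD=$(printf 'rpool\tencryption\toff\nrpool\tkeyformat\tnone\nrpool\tkeylocation\tnone\nrpool\tkeystatus\tnone')

check_encryption_root "$SAMPLE_GOOD" && echo "constructed good sample: OK"
check_encryption_root "$SAMPLE_BAD" || echo "constructed bad sample: rejected as expected"

# Live usage on the installed system (requires the zfs userland tools):
# check_encryption_root "$(zfs get -H -o name,property,value encryption,keyformat,keylocation,keystatus rpool)"
```

The check deliberately reads the pool's root dataset rather than `rpool/ROOT/ubuntu-1`, since `-O` at `zpool create` makes `rpool` the encryption root and the child only inherits the cipher and key format.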
@linsomniac

@ghfields: Ok, that Ubiquity hack worked totally brilliantly! Thanks!
