Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
2 files changed, 8 insertions, 2 deletions
encrypted.sh
| @@ -75,7 +75,10 @@ zpool export zroot | |||
| 75 | 75 | ||
| 76 | 76 | sudo -i | |
| 77 | 77 | apt remove kernelstub | |
| 78 | - | apt-mark hold kernelstub grub-pc grub-efi-amd64 grub-efi-amd64:i386 grub-efi-ia32 lilo | |
| 78 | + | apt-mark hold efibootmgr \ | |
| 79 | + | grub-common grub-common:i386 \ | |
| 80 | + | grub-efi-amd64-signed grub-efi-amd64:i386 grub-efi-amd64-bin grub-efi-ia32 grub-efi-amd64 grub-efi-amd64-bin:i386 \ | |
| 81 | + | grub-pc grub2-common kernelstub lilo | |
| 79 | 82 | # next time you have a kernel update, you'll likely have to upgrade with flags since we've held back dependencies | |
| 80 | 83 | sudo apt upgrade --with-new-pkgs linux-generic | |
| 81 | 84 | ||
unencrypted.sh
| @@ -54,7 +54,10 @@ export ID | |||
| 54 | 54 | ||
| 55 | 55 | apt update | |
| 56 | 56 | apt remove kernelstub | |
| 57 | - | apt-mark hold kernelstub grub-common grub-pc grub-efi-amd64-signed grub-efi-amd64:i386 grub-efi-amd64-bin grub-efi-ia32 lilo | |
| 57 | + | apt-mark hold efibootmgr \ | |
| 58 | + | grub-common grub-common:i386 \ | |
| 59 | + | grub-efi-amd64-signed grub-efi-amd64:i386 grub-efi-amd64-bin grub-efi-ia32 grub-efi-amd64 grub-efi-amd64-bin:i386 \ | |
| 60 | + | grub-pc grub2-common kernelstub lilo | |
| 58 | 61 | apt install zfs-initramfs zfsutils-linux zfs-dkms | |
| 59 | 62 | # next time you have a kernel update, you'll likely have to upgrade with flags since we've held back dependencies | |
| 60 | 63 | sudo apt upgrade --with-new-pkgs linux-generic | |
Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
1 file changed, 113 insertions
unencrypted.sh(файл создан)
| @@ -0,0 +1,113 @@ | |||
| 1 | + | #! /usr/bin/env bash | |
| 2 | + | # adapted from https://docs.zfsbootmenu.org/en/v2.3.x/guides/ubuntu/uefi.html | |
| 3 | + | # script is not meant to be run non-interactively. read and understand before executing | |
| 4 | + | ||
| 5 | + | sudo -i | |
| 6 | + | ||
| 7 | + | source /etc/os-release | |
| 8 | + | export ID | |
| 9 | + | ||
| 10 | + | export POOL_DEVICE="/dev/nvme1n1p3" | |
| 11 | + | ||
| 12 | + | zpool create -f -o ashift=12 \ | |
| 13 | + | -O compression=zstd \ | |
| 14 | + | -O acltype=posixacl \ | |
| 15 | + | -O xattr=sa \ | |
| 16 | + | -O relatime=on \ | |
| 17 | + | -o autotrim=on \ | |
| 18 | + | -o compatibility=openzfs-2.1-linux \ | |
| 19 | + | -m none zroot "$POOL_DEVICE" | |
| 20 | + | ||
| 21 | + | zfs create -o mountpoint=none zroot/ROOT | |
| 22 | + | zfs create -o mountpoint=/ -o canmount=noauto zroot/ROOT/${ID} | |
| 23 | + | zfs create -o mountpoint=/home zroot/home | |
| 24 | + | ||
| 25 | + | zpool set bootfs=zroot/ROOT/${ID} zroot | |
| 26 | + | ||
| 27 | + | zpool export zroot | |
| 28 | + | zpool import -N -R /mnt/shredder-zfs zroot | |
| 29 | + | ||
| 30 | + | zfs mount zroot/ROOT/${ID} | |
| 31 | + | zfs mount zroot/home | |
| 32 | + | ||
| 33 | + | udevadm trigger | |
| 34 | + | ||
| 35 | + | rsync -avAHXx --numeric-ids --exclude='/home' --exclude='/timeshift' /mnt/shredder/ /mnt/shredder-zfs/ | |
| 36 | + | rsync -av --numeric-ids /mnt/shredder/home/ /mnt/shredder-zfs/home/ | |
| 37 | + | umount /mnt/shredder | |
| 38 | + | ||
| 39 | + | mount -t proc /proc /mnt/shredder-zfs/proc | |
| 40 | + | mount -t sysfs /sys /mnt/shredder-zfs/sys | |
| 41 | + | mount -B /dev /mnt/shredder-zfs/dev | |
| 42 | + | mount -t devpts pts /mnt/shredder-zfs/dev/pts | |
| 43 | + | mount /dev/nvme1n1p1 /mnt/shredder-zfs/boot/efi | |
| 44 | + | chroot /mnt/shredder-zfs /bin/bash | |
| 45 | + | ||
| 46 | + | ||
| 47 | + | ||
| 48 | + | ### now in zroot | |
| 49 | + | ||
| 50 | + | ||
| 51 | + | ||
| 52 | + | source /etc/os-release | |
| 53 | + | export ID | |
| 54 | + | ||
| 55 | + | apt update | |
| 56 | + | apt remove kernelstub | |
| 57 | + | apt-mark hold kernelstub grub-common grub-pc grub-efi-amd64-signed grub-efi-amd64:i386 grub-efi-amd64-bin grub-efi-ia32 lilo | |
| 58 | + | apt install zfs-initramfs zfsutils-linux zfs-dkms | |
| 59 | + | # next time you have a kernel update, you'll likely have to upgrade with flags since we've held back dependencies | |
| 60 | + | sudo apt upgrade --with-new-pkgs linux-generic | |
| 61 | + | ||
| 62 | + | systemctl enable zfs.target | |
| 63 | + | systemctl enable zfs-import-cache | |
| 64 | + | systemctl enable zfs-mount | |
| 65 | + | systemctl enable zfs-import.target | |
| 66 | + | ||
| 67 | + | echo "UMASK=0077" > /etc/initramfs-tools/conf.d/umask.conf | |
| 68 | + | ||
| 69 | + | update-initramfs -c -k all | |
| 70 | + | ||
| 71 | + | zfs set org.zfsbootmenu:commandline="systemd.show_status=false splash loglevel=0 quiet" zroot/ROOT | |
| 72 | + | ||
| 73 | + | # assumes your ESP is mounted at /boot/efi | |
| 74 | + | ||
| 75 | + | # removing kernelstub entries and boot files | |
| 76 | + | rm /boot/efi/loader/entries/Pop* | |
| 77 | + | rm -r /boot/efi/EFI/Pop* | |
| 78 | + | ||
| 79 | + | # copy zbm boot files | |
| 80 | + | wget -qO- https://get.zfsboot.menu/components/release | tar xvz -C /boot/efi/EFI | |
| 81 | + | # ignore ownership errors | |
| 82 | + | mv /boot/efi/EFI/zfsbootmenu-release-x86_64-v* /boot/efi/EFI/zbm | |
| 83 | + | ||
| 84 | + | # add entries | |
| 85 | + | cat << EOF > /boot/efi/loader/entries/pop.conf | |
| 86 | + | title Pop!_OS | |
| 87 | + | linux /EFI/zbm/vmlinuz-bootmenu | |
| 88 | + | initrd /EFI/zbm/initramfs-bootmenu.img | |
| 89 | + | options zbm.skip systemd.show_status=false splash loglevel=0 quiet | |
| 90 | + | EOF | |
| 91 | + | ||
| 92 | + | cat << EOF > /boot/efi/loader/entries/zbm.conf | |
| 93 | + | title ZFSBootMenu | |
| 94 | + | linux /EFI/zbm/vmlinuz-bootmenu | |
| 95 | + | initrd /EFI/zbm/initramfs-bootmenu.img | |
| 96 | + | options zbm.show | |
| 97 | + | EOF | |
| 98 | + | ||
| 99 | + | echo 'default pop' > /boot/efi/loader/loader.conf | |
| 100 | + | ||
| 101 | + | exit | |
| 102 | + | ||
| 103 | + | ||
| 104 | + | ||
| 105 | + | ### out of zroot | |
| 106 | + | ||
| 107 | + | ||
| 108 | + | ||
| 109 | + | umount -n -R /mnt/shredder-zfs | |
| 110 | + | zpool export zroot | |
| 111 | + | ||
| 112 | + | # reboot into system | |
| 113 | + | systemctl reboot | |
Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
1 file changed, 2 insertions, 2 deletions
main.sh переименован в encrypted.sh
| @@ -87,14 +87,14 @@ wget -qO- https://get.zfsboot.menu/components/release | tar xvz -C /boot/efi/EFI | |||
| 87 | 87 | mv /boot/efi/EFI/zfsbootmenu-release-x86_64-v* /boot/efi/EFI/zbm | |
| 88 | 88 | ||
| 89 | 89 | # add entries | |
| 90 | - | cat <EOF > /boot/efi/loader/entries/pop.conf | |
| 90 | + | cat << EOF > /boot/efi/loader/entries/pop.conf | |
| 91 | 91 | title Pop!_OS | |
| 92 | 92 | linux /EFI/zbm/vmlinuz-bootmenu | |
| 93 | 93 | initrd /EFI/zbm/initramfs-bootmenu.img | |
| 94 | 94 | options zbm.skip systemd.show_status=false splash loglevel=0 quiet | |
| 95 | 95 | EOF | |
| 96 | 96 | ||
| 97 | - | cat <EOF > /boot/efi/loader/entries/zbm.conf | |
| 97 | + | cat << EOF > /boot/efi/loader/entries/zbm.conf | |
| 98 | 98 | title ZFSBootMenu | |
| 99 | 99 | linux /EFI/zbm/vmlinuz-bootmenu | |
| 100 | 100 | initrd /EFI/zbm/initramfs-bootmenu.img | |
Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
1 file changed, 3 insertions, 7 deletions
main.sh
| @@ -75,16 +75,12 @@ zpool export zroot | |||
| 75 | 75 | ||
| 76 | 76 | sudo -i | |
| 77 | 77 | apt remove kernelstub | |
| 78 | - | cat <<EOF > /etc/apt/preferences.d/blacklist-kernelstub | |
| 79 | - | Package: kernelstub | |
| 80 | - | Pin: release * | |
| 81 | - | Pin-Priority: -1 | |
| 82 | - | EOF | |
| 78 | + | apt-mark hold kernelstub grub-pc grub-efi-amd64 grub-efi-amd64:i386 grub-efi-ia32 lilo | |
| 79 | + | # next time you have a kernel update, you'll likely have to upgrade with flags since we've held back dependencies | |
| 80 | + | sudo apt upgrade --with-new-pkgs linux-generic | |
| 83 | 81 | ||
| 84 | 82 | # assumes your ESP is mounted at /boot/efi | |
| 85 | 83 | ||
| 86 | - | sudo -i | |
| 87 | - | ||
| 88 | 84 | # copy zbm boot files | |
| 89 | 85 | wget -qO- https://get.zfsboot.menu/components/release | tar xvz -C /boot/efi/EFI | |
| 90 | 86 | # ignore ownership errors | |
Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
1 file changed, 1 insertion
main.sh
| @@ -1,5 +1,6 @@ | |||
| 1 | 1 | #! /usr/bin/env bash | |
| 2 | 2 | # adapted from https://docs.zfsbootmenu.org/en/v2.3.x/guides/ubuntu/uefi.html | |
| 3 | + | # script is not meant to be run non-interactively. read and understand before executing | |
| 3 | 4 | ||
| 4 | 5 | sudo -i | |
| 5 | 6 | ||
Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
2 files changed, 35 insertions, 2 deletions
efi.sh (файл удалён)
| @@ -1 +0,0 @@ | |||
| 1 | - | # to do, add instructions for revising EFI | |
root.sh переименован в main.sh
| @@ -1,6 +1,8 @@ | |||
| 1 | 1 | #! /usr/bin/env bash | |
| 2 | 2 | # adapted from https://docs.zfsbootmenu.org/en/v2.3.x/guides/ubuntu/uefi.html | |
| 3 | 3 | ||
| 4 | + | sudo -i | |
| 5 | + | ||
| 4 | 6 | source /etc/os-release | |
| 5 | 7 | export ID | |
| 6 | 8 | ||
| @@ -69,7 +71,6 @@ exit | |||
| 69 | 71 | ||
| 70 | 72 | umount -n -R /mnt | |
| 71 | 73 | zpool export zroot | |
| 72 | - | # reboot into system | |
| 73 | 74 | ||
| 74 | 75 | sudo -i | |
| 75 | 76 | apt remove kernelstub | |
| @@ -78,3 +79,36 @@ Package: kernelstub | |||
| 78 | 79 | Pin: release * | |
| 79 | 80 | Pin-Priority: -1 | |
| 80 | 81 | EOF | |
| 82 | + | ||
| 83 | + | # assumes your ESP is mounted at /boot/efi | |
| 84 | + | ||
| 85 | + | sudo -i | |
| 86 | + | ||
| 87 | + | # copy zbm boot files | |
| 88 | + | wget -qO- https://get.zfsboot.menu/components/release | tar xvz -C /boot/efi/EFI | |
| 89 | + | # ignore ownership errors | |
| 90 | + | mv /boot/efi/EFI/zfsbootmenu-release-x86_64-v* /boot/efi/EFI/zbm | |
| 91 | + | ||
| 92 | + | # add entries | |
| 93 | + | cat <EOF > /boot/efi/loader/entries/pop.conf | |
| 94 | + | title Pop!_OS | |
| 95 | + | linux /EFI/zbm/vmlinuz-bootmenu | |
| 96 | + | initrd /EFI/zbm/initramfs-bootmenu.img | |
| 97 | + | options zbm.skip systemd.show_status=false splash loglevel=0 quiet | |
| 98 | + | EOF | |
| 99 | + | ||
| 100 | + | cat <EOF > /boot/efi/loader/entries/zbm.conf | |
| 101 | + | title ZFSBootMenu | |
| 102 | + | linux /EFI/zbm/vmlinuz-bootmenu | |
| 103 | + | initrd /EFI/zbm/initramfs-bootmenu.img | |
| 104 | + | options zbm.show | |
| 105 | + | EOF | |
| 106 | + | ||
| 107 | + | echo 'default pop' > /boot/efi/loader/loader.conf | |
| 108 | + | ||
| 109 | + | # removing kernelstub entries and boot files | |
| 110 | + | rm /boot/efi/loader/entries/Pop-* | |
| 111 | + | rm -r /boot/efi/EFI/Pop* | |
| 112 | + | ||
| 113 | + | # reboot into system | |
| 114 | + | systemctl reboot | |
Winston Hoy ревизий этого фрагмента 2 years ago. К ревизии
2 files changed, 81 insertions
efi.sh(файл создан)
| @@ -0,0 +1 @@ | |||
| 1 | + | # to do, add instructions for revising EFI | |
root.sh(файл создан)
| @@ -0,0 +1,80 @@ | |||
| 1 | + | #! /usr/bin/env bash | |
| 2 | + | # adapted from https://docs.zfsbootmenu.org/en/v2.3.x/guides/ubuntu/uefi.html | |
| 3 | + | ||
| 4 | + | source /etc/os-release | |
| 5 | + | export ID | |
| 6 | + | ||
| 7 | + | export POOL_DISK="/dev/sdg" | |
| 8 | + | export POOL_PART="3" | |
| 9 | + | export POOL_DEVICE="${POOL_DISK}${POOL_PART}" | |
| 10 | + | ||
| 11 | + | echo 'passphrase' > /etc/zfs/zroot.key | |
| 12 | + | chmod 000 /etc/zfs/zroot.key | |
| 13 | + | ||
| 14 | + | zpool create -f -o ashift=12 \ | |
| 15 | + | -O compression=zstd \ | |
| 16 | + | -O acltype=posixacl \ | |
| 17 | + | -O xattr=sa \ | |
| 18 | + | -O relatime=on \ | |
| 19 | + | -O encryption=aes-256-gcm \ | |
| 20 | + | -O keylocation=file:///etc/zfs/zroot.key \ | |
| 21 | + | -O keyformat=passphrase \ | |
| 22 | + | -o autotrim=on \ | |
| 23 | + | -o compatibility=openzfs-2.1-linux \ | |
| 24 | + | -m none zroot "$POOL_DEVICE" | |
| 25 | + | ||
| 26 | + | zfs create -o mountpoint=none zroot/ROOT | |
| 27 | + | zfs create -o mountpoint=/ -o canmount=noauto zroot/ROOT/${ID} | |
| 28 | + | zfs create -o mountpoint=/home zroot/home | |
| 29 | + | ||
| 30 | + | zpool set bootfs=zroot/ROOT/${ID} zroot | |
| 31 | + | ||
| 32 | + | zpool export zroot | |
| 33 | + | zpool import -N -R /mnt zroot | |
| 34 | + | zfs load-key -L prompt zroot | |
| 35 | + | ||
| 36 | + | zfs mount zroot/ROOT/${ID} | |
| 37 | + | zfs mount zroot/home | |
| 38 | + | ||
| 39 | + | udevadm trigger | |
| 40 | + | ||
| 41 | + | rsync -avAHXx --numeric-ids --exclude='/home' --exclude='/timeshift' /media/curiouser/5b30118c-3837-4895-9c60-70ea27dd36d9/ mnt/ | |
| 42 | + | rsync -av --numeric-ids /media/curiouser/5b30118c-3837-4895-9c60-70ea27dd36d9/home/ mnt/home/ | |
| 43 | + | ||
| 44 | + | mount -t proc proc mnt/proc | |
| 45 | + | mount -t sysfs sys mnt/sys | |
| 46 | + | mount -B /dev mnt/dev | |
| 47 | + | mount -t devpts pts mnt/dev/pts | |
| 48 | + | chroot mnt /bin/bash | |
| 49 | + | ||
| 50 | + | source /etc/os-release | |
| 51 | + | export ID | |
| 52 | + | ||
| 53 | + | apt update | |
| 54 | + | apt install zfs-initramfs zfsutils-linux | |
| 55 | + | ||
| 56 | + | systemctl enable zfs.target | |
| 57 | + | systemctl enable zfs-import-cache | |
| 58 | + | systemctl enable zfs-mount | |
| 59 | + | systemctl enable zfs-import.target | |
| 60 | + | ||
| 61 | + | echo "UMASK=0077" > /etc/initramfs-tools/conf.d/umask.conf | |
| 62 | + | ||
| 63 | + | update-initramfs -c -k all | |
| 64 | + | ||
| 65 | + | zfs set org.zfsbootmenu:commandline="systemd.show_status=false splash loglevel=0 quiet resume=UUID=9a4e4168-0964-4895-8d40-0e1ee0bf5d9a" zroot/ROOT | |
| 66 | + | zfs set org.zfsbootmenu:keysource="zroot/ROOT/${ID}" zroot | |
| 67 | + | ||
| 68 | + | exit | |
| 69 | + | ||
| 70 | + | umount -n -R /mnt | |
| 71 | + | zpool export zroot | |
| 72 | + | # reboot into system | |
| 73 | + | ||
| 74 | + | sudo -i | |
| 75 | + | apt remove kernelstub | |
| 76 | + | cat <<EOF > /etc/apt/preferences.d/blacklist-kernelstub | |
| 77 | + | Package: kernelstub | |
| 78 | + | Pin: release * | |
| 79 | + | Pin-Priority: -1 | |
| 80 | + | EOF | |