From 13271f2467a484dba3b1db8c95b861dc524bfe67 Mon Sep 17 00:00:00 2001 From: Maurice Zhou Date: Mon, 22 Feb 2021 12:24:44 +0800 Subject: [PATCH] Arch Linux: Multiple fixes Signed-off-by: Maurice Zhou --- .../Arch Linux/Arch Linux Root on ZFS.rst | 288 ++++++++++++------ .../Arch Linux/Artix Linux Root on ZFS.rst | 276 ++++++++++++----- .../Getting Started/Arch Linux/archzfs/key-id | 1 + .../Arch Linux/archzfs/mirrorlist-archzfs | 12 + docs/Getting Started/Arch Linux/index.rst | 87 ++++-- 5 files changed, 468 insertions(+), 196 deletions(-) create mode 100644 docs/Getting Started/Arch Linux/archzfs/key-id create mode 100644 docs/Getting Started/Arch Linux/archzfs/mirrorlist-archzfs diff --git a/docs/Getting Started/Arch Linux/Arch Linux Root on ZFS.rst b/docs/Getting Started/Arch Linux/Arch Linux Root on ZFS.rst index 0f24ed5..acb3a08 100644 --- a/docs/Getting Started/Arch Linux/Arch Linux Root on ZFS.rst +++ b/docs/Getting Started/Arch Linux/Arch Linux Root on ZFS.rst @@ -34,7 +34,7 @@ related to this HOWTO, please `file a new issue and mention @ne9z Contributing ~~~~~~~~~~~~ -#. Fork and clone: https://github.com/openzfs/openzfs-docs +#. Fork and clone `this repo `__. #. Install the tools:: 
@@ -73,21 +73,36 @@ without the passphrase being entered at the console. Performance is good. As the encryption happens in ZFS, even if multiple disks (mirror or raidz topologies) are used, the data only has to be encrypted once. - Preinstallation ---------------- Download Arch Linux live image ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #. Choose a mirror - https://archlinux.org/mirrorlist/all/ + `Mirrorlist `__ -#. Download Feb 2021 build. `File a new issue and mention @ne9z +#. Download Feb 2021 build and signature. `File a new issue and mention @ne9z `__ if it's no longer available. - https://mirrors.dotsrc.org/archlinux/iso/2021.02.01/archlinux-2021.02.01-x86_64.iso + - `ISO (US mirror) `__ + - `Signature `__ + +#. Check live image against signature:: + + gpg --auto-key-retrieve --verify archlinux-2021.02.01-x86_64.iso.sig + + If the file is authentic, output should be the following:: + + gpg: Signature made Mon 01 Feb 2021 03:23:39 PM UTC + gpg: using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC + gpg: Good signature from "Pierre Schmitz " [unknown] + ... + Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE 28B7 7F2D 434B 9741 E8AC + + Ensure ``Good signature`` and last 8 digits are ``9741 E8AC``, + as listed on `Arch Linux Developers `__ page. #. Write the image to a USB drive or an optical disc. 
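Review bot: The added check "Ensure ``Good signature`` and last 8 digits are ``9741 E8AC``" compares only a 32-bit short key ID, which is too weak to identify a key. Because `gpg --auto-key-retrieve --verify` downloads whichever key the signature names, "Good signature" is printed for any self-consistent key and signature pair, and the `[unknown]` marker in the sample output shows that no trust path backs it. The manual comparison is therefore the only real check, and it should cover the whole value: `Ensure ``Good signature`` and that the full primary key fingerprint matches the one listed on the Arch Linux Developers page.` The Artix guide hunk that adds the `B886 B428` check has the same wording and needs the same change.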
@@ -127,24 +142,18 @@ Prepare the Live Environment #. Import keys of archzfs repository:: - curl -O https://archzfs.com/archzfs.gpg - pacman-key -a archzfs.gpg - pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76 + curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - + curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {} #. Add archzfs repository:: tee -a /etc/pacman.conf <<- 'EOF' - + [archzfs] Include = /etc/pacman.d/mirrorlist-archzfs - - EOF - tee -a /etc/pacman.d/mirrorlist-archzfs <<- 'EOF' - Server = https://archzfs.com/$repo/$arch - Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch - Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch - Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch EOF + + curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs #. Select mirror: @@ -369,7 +378,7 @@ Create Root and Boot Pools - Unencrypted:: - zpool create \ + zpool create \ -o ashift=12 \ -O acltype=posixacl \ -O canmount=off \ @@ -396,7 +405,7 @@ Create Root and Boot Pools -O xattr=sa \ -O mountpoint=/ \ -R $INST_MNT \ - -O encryption=aes-256-gcm \ + -O encryption=on \ -O keylocation=prompt \ -O keyformat=passphrase \ rpool_$INST_UUID \ @@ -502,10 +511,6 @@ Create Datasets #. Optional user data datasets: - If you use /opt on this system:: - - zfs create -o canmount=on rpool_$INST_UUID/DATA/default/opt - If this system will have games installed:: zfs create -o canmount=on rpool_$INST_UUID/DATA/default/var/games @@ -547,7 +552,6 @@ Format and Mount EFI System Partition If you are using a multi-disk setup, this step will only install bootloader to the first disk. Other disks will be handled later. - Package Installation ~~~~~~~~~~~~~~~~~~~~ 
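Review bot: In the "Import keys of archzfs repository" step, the fingerprint given to `pacman-key --lsign-key` is no longer written in the guide but fetched at install time with `curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {}`. The key that pacman is told to trust then depends on whatever the short link redirects to when the command runs, and the reader has nothing on the page to compare it with. Keep the literal in the instructions, `pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76` (the value this commit stores in `archzfs/key-id`), and tell the reader to check it against the fingerprint published by archzfs. `curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs` has the same indirection and also leaves an empty or partial mirrorlist if the download fails; spelling out the full repository URL would at least show where the file comes from. The same two commands are added again in the chroot step of this guide, in the Artix guide, and in index.rst.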
@@ -604,20 +608,20 @@ System Configuration mkdir -p $INST_MNT/etc/zfs/zfs-list.cache - zfs list -H -t filesystem -o $PROPS -r rpool_$INST_UUID \ - > $INST_MNT/etc/zfs/zfs-list.cache/rpool_$INST_UUID + zfs list -H -t filesystem -o $PROPS -r rpool_$INST_UUID > $INST_MNT/etc/zfs/zfs-list.cache/rpool_$INST_UUID sed -Ei "s|$INST_MNT/?|/|" $INST_MNT/etc/zfs/zfs-list.cache/* #. Generate fstab:: - echo bpool_$INST_UUID/BOOT/default /boot zfs rw,xattr,posixacl 0 0 >> $INST_MNT/etc/fstab - echo UUID=$(blkid -s UUID -o value ${DISK}-part1) /boot/efi vfat umask=0022,fmask=0022,dmask=0022 0 1 >> $INST_MNT/etc/fstab + echo bpool_$INST_UUID/BOOT/default /boot zfs rw,xattr,posixacl 0 0 >> $INST_MNT/etc/fstab + echo UUID=$(blkid -s UUID -o value ${DISK}-part1) /boot/efi vfat \ + x-systemd.idle-timeout=1min,x-systemd.automount,noauto,umask=0022,fmask=0022,dmask=0022 0 1 >> $INST_MNT/etc/fstab If a swap partition has been created:: - echo crypt-swap ${DISK}-part4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256 >> $INST_MNT/etc/crypttab - echo /dev/mapper/crypt-swap none swap defaults 0 0 >> $INST_MNT/etc/fstab + echo crypt-swap ${DISK}-part4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256 >> $INST_MNT/etc/crypttab + echo /dev/mapper/crypt-swap none swap defaults 0 0 >> $INST_MNT/etc/fstab #. Configure mkinitcpio:: @@ -660,21 +664,6 @@ System Configuration ln -sf $INST_TZ $INST_MNT/etc/localtime hwclock --systohc -#. archzfs repository:: - - tee -a $INST_MNT/etc/pacman.conf <<- 'EOF' - - [archzfs] - Include = /etc/pacman.d/mirrorlist-archzfs - - EOF - tee -a $INST_MNT/etc/pacman.d/mirrorlist-archzfs <<- 'EOF' - Server = https://archzfs.com/$repo/$arch - Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch - Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch - Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch - EOF - #. Locale:: echo "en_US.UTF-8 UTF-8" >> $INST_MNT/etc/locale.gen 
@@ -690,6 +679,21 @@ System Configuration locale-gen +#. Import keys of archzfs repository:: + + curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - + curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {} + +#. Add archzfs repository:: + + tee -a /etc/pacman.conf <<- 'EOF' + + [archzfs] + Include = /etc/pacman.d/mirrorlist-archzfs + EOF + + curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs + #. Enable networking:: systemctl enable systemd-networkd systemd-resolved @@ -701,7 +705,7 @@ System Configuration #. Generate zpool.cache Pools are imported by initramfs with the information stored in ``/etc/zfs/zpool.cache``. - This cache file will be embedded in ``initramfs``. + This cache file will be embedded in initramfs. :: 
@@ -723,29 +727,34 @@ Currently GRUB has multiple compatibility problems with ZFS, especially with regards to newer ZFS features. Workarounds have to be applied. -grub-probe fails to get canonical path of root partition -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +grub-probe fails to get canonical path +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +When persistent device names ``/dev/disk/by-id/*`` are used +with ZFS, GRUB will fail to resolve the path of the boot pool +device. Error:: + + # /usr/bin/grub-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'. + Solution:: echo 'export ZPOOL_VDEV_NAME_PATH=YES' >> /etc/profile source /etc/profile -**Notes:** - - When persistent device names ``/dev/disk/by-id/*`` are used - with ZFS, GRUB will fail to resolve the path of the boot pool - device. Error:: - - # /usr/bin/grub-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'. - -Pool name missing if the pool has unsupported features -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Pool name missing +~~~~~~~~~~~~~~~~~ See `this bug report `__. +Root pool name is missing from ``root=ZFS=rpool/ROOT/default`` +in generated ``grub.cfg`` file. + A workaround is to replace the pool name detection with ``zdb`` command:: sed -i "s|rpool=.*|rpool=\`zdb -l \${GRUB_DEVICE} \| grep -E '[[:blank:]]name' \| cut -d\\\' -f 2\`|" /etc/grub.d/10_linux +If you forgot to apply this workaround and +followed this guide to use ``rpool_$INST_UUID`` and ``bpool_$INST_UUID``, +``$INST_UUID`` can be found out with `Load grub.cfg in GRUB command line`_. + GRUB Installation ~~~~~~~~~~~~~~~~~ @@ -768,7 +777,11 @@ GRUB Installation grub-install $DISK If this is a multi-disk setup, - install to other disks as well. + install to other disks as well:: + + for i in {target_disk2,target_disk3}; do + grub-install /dev/disk/by-id/$i + done Generate GRUB Boot Menu ~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -804,38 +817,24 @@ After Reboot ------------ Mirror EFI System Partition ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -#. Format redundant EFI partitions:: - mkfs.vfat -n EFI2 /dev/disk/by-id/target_disk2-part1 - mkfs.vfat -n EFI3 /dev/disk/by-id/target_disk3-part1 +#. Check disk name:: -#. Create mountpoints:: + ls -1 /dev/disk/by-id/ | grep -v '\-part[0-9]' - mkdir -p /boot/efis/{2,3} +#. Mirror EFI ssystem partition:: -#. Mount redundant EFI partitions:: - - mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk2-part1 /boot/efis/2 - mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk3-part1 /boot/efis/3 - -#. Add fstab entries:: - - pacman -S --needed arch-install-scripts rsync - - genfstab / | grep efis >> /etc/fstab - -#. Sync EFI system partition contents:: - - for i in /boot/efis/*; do - /usr/bin/rsync -a /boot/efi/ $i/ - done - -#. Add EFI boot entries:: - - efibootmgr -cgd /dev/disk/by-id/target_disk2-part1 \ - -p 1 -L "arch-2" -l "\EFI\arch\grubx64.efi" - efibootmgr -cgd /dev/disk/by-id/target_disk3-part1 \ - -p 1 -L "arch-3" -l "\EFI\arch\grubx64.efi" + for i in {target_disk2,target_disk3}; do + mkfs.vfat /dev/disk/by-id/$i-part1 + mkdir -p /boot/efis/$i + echo UUID=$(blkid -s UUID -o value /dev/disk/by-id/$i-part1) /boot/efis/$i vfat \ + x-systemd.idle-timeout=1min,x-systemd.automount,noauto,umask=0022,fmask=0022,dmask=0022 \ + 0 1 >> /etc/fstab + mount /boot/efis/$i + cp -r /boot/efi/EFI/ /boot/efis/$i + efibootmgr -cgp 1 -l "\EFI\arch\grubx64.efi" \ + -L "arch-$i" -d /dev/disk/by-id/$i-part1 + done #. Create a service to monitor and sync EFI partitions:: 
@@ -856,15 +855,106 @@ Mirror EFI System Partition [Service] Type=oneshot - ExecStart=/usr/bin/bash -c 'for i in /boot/efis/*; do /usr/bin/rsync -a /boot/efi/ $i/; done' + ExecStart=/usr/bin/bash -c 'for i in /boot/efis/*; do /usr/bin/cp -r /boot/efi/EFI/ $i/; done' EOF systemctl enable --now efis-sync.path +#. If EFI system partition failed, promote one backup + to ``/boot/efi`` by editing ``/etc/fstab``. + +Mirror BIOS boot sector +~~~~~~~~~~~~~~~~~~~~~~~ + +This need to be manually applied when GRUB is updated. + +#. Check disk name:: + + ls -1 /dev/disk/by-id/ | grep -v '\-part[0-9]' + +#. Install GRUB to every disk:: + + for i in {target_disk2,target_disk3}; do + grub-install /dev/disk/by-id/$i + done + +Change encryption method +~~~~~~~~~~~~~~~~~~~~~~~~ + +By default the root pool is encrypted with a key file, +created at installation. + +Password +^^^^^^^^ + +After installation, encryption by password can be enabled with:: + + zfs change-key -l -o keylocation=prompt -o keyformat=passphrase rpool_$INST_UUID + +See ``man 8 zfs-change-key``. +If password is enabled, the system will require this password to boot. +Password can be entered locally with keyboard or remotely with SSH. + +Supply password with SSH +^^^^^^^^^^^^^^^^^^^^^^^^ + +#. Install mkinitcpio tools:: + + pacman -S mkinitcpio-netconf mkinitcpio-dropbear + +#. Store authorized keys in ``/etc/dropbear/root_key``:: + + vi /etc/dropbear/root_key + + Note that dropbear only supports RSA keys. + +#. Edit mkinitcpio:: + + tee /etc/mkinitcpio.conf <<- 'EOF' + HOOKS=(base udev autodetect modconf block keyboard netconf dropbear zfsencryptssh zfs filesystems) + EOF + +#. Add ``ip=`` to kernel command line:: + + # example DHCP + echo 'GRUB_CMDLINE_LINUX="ip=::::::dhcp"' >> /etc/default/grub + + Details for ``ip=`` can be found at + `here `__. + +#. 
If using OpenSSH as SSH server, convert host keys to PEM format:: + + for i in {rsa,dsa,ecdsa,ed25519}; do + ssh-keygen -p -m PEM -f /etc/ssh/ssh_host_${i}_key -qN "" + done + +#. Regenerate initramfs:: + + mkinitcpio -P + +#. Update GRUB menu:: + + grub-mkconfig -o /boot/grub/grub.cfg + +Key file +^^^^^^^^ + +You can also set a new key file for root pool and +store the key file on an external drive:: + + zfs change-key -l -o keylocation=file:///path/to/keyfile -o keyformat=raw rpool_$INST_UUID + Boot Environment Manager ~~~~~~~~~~~~~~~~~~~~~~~~ -Optional: install ``rozb3-pac`` pacman hook and ``bieaz`` from AUR to -create boot environments. + +Optional: install +`rozb3-pac `__ +pacman hook and +`bieaz `__ +from AUR to create boot environments. + +Prebuilt packages are also available +in the links above. Post installation ~~~~~~~~~~~~~~~~~ @@ -939,8 +1029,9 @@ Following are the steps to load the correct ``grub.cfg``, Rescue in Live Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -#. Repeat `Prepare the Live Environment - <#prepare-the-live-environment>`__. +#. `Download Arch Linux live image <#download-arch-linux-live-image>`__. + +#. `Prepare the Live Environment <#prepare-the-live-environment>`__. #. Check the ``INST_UUID`` with ``zpool import``. @@ -948,17 +1039,28 @@ Rescue in Live Environment INST_MNT=$(mktemp -d) INST_UUID=abc123 - RPOOL_PWD='rootpool' + +#. If using other keyfile:: + + KEYFILE=/path/to/keyfile #. Import and unlock root and boot pool:: zpool import -N -R $INST_MNT rpool_$INST_UUID zpool import -N -R $INST_MNT bpool_$INST_UUID - echo $RPOOL_PWD | zfs load-key rpool_$INST_UUID + + If using password:: + + zfs load-key rpool_$INST_UUID + + If using keyfile:: + + zfs load-key -L file://$KEYFILE rpool_$INST_UUID #. Find the current boot environment:: zfs list + BE=default #. Mount boot and root filesystem:: 
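Review bot: The new "Supply password with SSH" steps put an SSH server and a host key into the initramfs, but never mention that the initramfs is presumably stored on the boot pool, which this guide appears to create without encryption (the bpool creation is outside this hunk). If so, the host key converted by the `ssh-keygen -p -m PEM` loop is readable by anyone with access to the disk; a sentence such as `The initramfs is not encrypted; use a dropbear host key that is different from the host key of the installed system.` would cover this. The loop also lists `dsa`, a key type many installations do not generate, so that iteration may fail. Separately, `tee /etc/mkinitcpio.conf` without `-a` replaces the whole file with the single `HOOKS=` line, discarding any other settings in it. The sentence "By default the root pool is encrypted with a key file" also disagrees with the `-O keylocation=prompt -O keyformat=passphrase` options in the pool creation step. The same section is added to the Artix guide.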
diff --git a/docs/Getting Started/Arch Linux/Artix Linux Root on ZFS.rst b/docs/Getting Started/Arch Linux/Artix Linux Root on ZFS.rst index 82cac6d..c7df068 100644 --- a/docs/Getting Started/Arch Linux/Artix Linux Root on ZFS.rst +++ b/docs/Getting Started/Arch Linux/Artix Linux Root on ZFS.rst @@ -38,7 +38,7 @@ related to this HOWTO, please `file a new issue and mention @ne9z Contributing ~~~~~~~~~~~~ -#. Fork and clone: https://github.com/openzfs/openzfs-docs +#. Fork and clone `this repo `__. #. Install the tools:: @@ -88,14 +88,30 @@ Change the service commands to the equivalent commands. #. Choose a mirror: - https://artixlinux.org/download.php + `Mirrorlist `__ -#. Download January 2021 build. `File a new issue and mention @ne9z +#. Download January 2021 build and signature. `File a new issue and mention @ne9z `__ if it's no longer available. - https://eu-mirror.artixlinux.org/iso/artix-base-openrc-20210101-x86_64.iso + - `ISO (US mirror) `__ + - `Signature `__ + +#. Check live image against signature:: + + gpg --auto-key-retrieve --verify artix-base-openrc-20210101-x86_64.iso.sig + + If the file is authentic, output should be the following:: + + gpg: Signature made Sun 03 Jan 2021 09:30:42 PM UTC + gpg: using RSA key A574A1915CEDE31A3BFF5A68606520ACB886B428 + gpg: Good signature from "Christos Nouskas " [unknown] + ... + Primary key fingerprint: A574 A191 5CED E31A 3BFF 5A68 6065 20AC B886 B428 + + Ensure ``Good signature`` and last 8 digits are ``B886 B428``, + as listed on `Artix Linux Download `__ page. #. Write the image to a USB drive or an optical disc. @@ -145,9 +161,8 @@ Prepare the Live Environment #. Import keys of archzfs repository:: - curl -O https://archzfs.com/archzfs.gpg - pacman-key -a archzfs.gpg - pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76 + curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - + curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {} #. Add archzfs repository:: 
@@ -155,14 +170,9 @@ Prepare the Live Environment [archzfs] Include = /etc/pacman.d/mirrorlist-archzfs - - EOF - tee -a /etc/pacman.d/mirrorlist-archzfs <<- 'EOF' - Server = https://archzfs.com/$repo/$arch - Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch - Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch - Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch EOF + + curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs #. Select mirror: @@ -366,7 +376,7 @@ Create Root and Boot Pools - Unencrypted:: - zpool create \ + zpool create \ -o ashift=12 \ -O acltype=posixacl \ -O canmount=off \ @@ -393,7 +403,7 @@ Create Root and Boot Pools -O xattr=sa \ -O mountpoint=/ \ -R $INST_MNT \ - -O encryption=aes-256-gcm \ + -O encryption=on \ -O keylocation=prompt \ -O keyformat=passphrase \ rpool_$INST_UUID \ @@ -499,10 +509,6 @@ Create Datasets #. Optional user data datasets: - If you use /opt on this system:: - - zfs create -o canmount=on rpool_$INST_UUID/DATA/default/opt - If this system will have games installed:: zfs create -o canmount=on rpool_$INST_UUID/DATA/default/var/games @@ -567,10 +573,13 @@ Package Installation Visit OpenZFS release page:: - curl https://github.com/openzfs/zfs/releases/zfs-${DKMS_VER} \ + curl -L https://github.com/openzfs/zfs/raw/zfs-${DKMS_VER}/META \ | grep Linux - # Linux: compatible with 3.10 - 5.10 kernels - echo $INST_LINVER + # Linux-Maximum: 5.10 + # Linux-Minimum: 3.10 + # compare with the output of the following command + echo ${INST_LINVER%%-*} + # 5.10.17 # supported If the kernel is supported: @@ -585,7 +594,7 @@ Package Installation DKMS_DATE=$(pacman -Syi zfs-dkms \ | grep 'Build Date' \ | sed 's/.*: //' \ - | LC_ALL=C xargs -i{} date -d {} +%Y/%m/%d) + | LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d) - Check kernel version:: 
@@ -668,21 +677,6 @@ System Configuration ln -sf $INST_TZ $INST_MNT/etc/localtime hwclock --systohc -#. archzfs repository:: - - tee -a $INST_MNT/etc/pacman.conf <<- 'EOF' - - [archzfs] - Include = /etc/pacman.d/mirrorlist-archzfs - - EOF - tee -a $INST_MNT/etc/pacman.d/mirrorlist-archzfs <<- 'EOF' - Server = https://archzfs.com/$repo/$arch - Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch - Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch - Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch - EOF - #. Locale:: echo "en_US.UTF-8 UTF-8" >> $INST_MNT/etc/locale.gen @@ -714,10 +708,28 @@ System Configuration rc-update add zfs-mount boot + Other ZFS services, such as ``zed`` + can be ported from ``/usr/lib/systemd/system/zfs*``. + #. Apply locales:: locale-gen +#. Import keys of archzfs repository:: + + curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - + curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {} + +#. Add archzfs repository:: + + tee -a /etc/pacman.conf <<- 'EOF' + + [archzfs] + Include = /etc/pacman.d/mirrorlist-archzfs + EOF + + curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs + #. Enable networking:: rc-update add connmand default @@ -725,7 +737,7 @@ System Configuration #. Generate zpool.cache Pools are imported by initramfs with the information stored in ``/etc/zfs/zpool.cache``. - This cache file will be embedded in ``initramfs``. + This cache file will be embedded in initramfs. :: 
@@ -747,29 +759,34 @@ Currently GRUB has multiple compatibility problems with ZFS, especially with regards to newer ZFS features. Workarounds have to be applied. -grub-probe fails to get canonical path of root partition -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +grub-probe fails to get canonical path +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +When persistent device names ``/dev/disk/by-id/*`` are used +with ZFS, GRUB will fail to resolve the path of the boot pool +device. Error:: + + # /usr/bin/grub-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'. + Solution:: echo 'export ZPOOL_VDEV_NAME_PATH=YES' >> /etc/profile source /etc/profile -**Notes:** - - When persistent device names ``/dev/disk/by-id/*`` are used - with ZFS, GRUB will fail to resolve the path of the boot pool - device. Error:: - - # /usr/bin/grub-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'. - -Pool name missing if the pool has unsupported features -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Pool name missing +~~~~~~~~~~~~~~~~~ See `this bug report `__. +Root pool name is missing from ``root=ZFS=rpool/ROOT/default`` +in generated ``grub.cfg`` file. + A workaround is to replace the pool name detection with ``zdb`` command:: sed -i "s|rpool=.*|rpool=\`zdb -l \${GRUB_DEVICE} \| grep -E '[[:blank:]]name' \| cut -d\\\' -f 2\`|" /etc/grub.d/10_linux +If you forgot to apply this workaround and +followed this guide to use ``rpool_$INST_UUID`` and ``bpool_$INST_UUID``, +``$INST_UUID`` can be found out with `Load grub.cfg in GRUB command line`_. + GRUB Installation ~~~~~~~~~~~~~~~~~ @@ -792,7 +809,11 @@ GRUB Installation grub-install $DISK If this is a multi-disk setup, - install to other disks as well. + install to other disks as well:: + + for i in {target_disk2,target_disk3}; do + grub-install /dev/disk/by-id/$i + done Generate GRUB Boot Menu ~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -829,43 +850,126 @@ After Reboot Mirror EFI System Partition ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -#. Format redundant EFI partitions:: +#. Check disk name:: - mkfs.vfat -n EFI2 /dev/disk/by-id/target_disk2-part1 - mkfs.vfat -n EFI3 /dev/disk/by-id/target_disk3-part1 + ls -1 /dev/disk/by-id/ | grep -v '\-part[0-9]' -#. Create mountpoints:: +#. Mirror EFI ssystem partition:: - mkdir -p /boot/efis/{2,3} + for i in {target_disk2,target_disk3}; do + mkfs.vfat /dev/disk/by-id/$i-part1 + mkdir -p /boot/efis/$i + echo UUID=$(blkid -s UUID -o value /dev/disk/by-id/$i-part1) /boot/efis/$i vfat \ + umask=0022,fmask=0022,dmask=0022 0 1 >> /etc/fstab + mount /boot/efis/$i + cp -r /boot/efi/EFI/ /boot/efis/$i + efibootmgr -cgp 1 -l "\EFI\artix\grubx64.efi" \ + -L "artix-$i" -d /dev/disk/by-id/$i-part1 + done -#. Mount redundant EFI partitions:: +#. Enable cron and set up cron job to sync EFI system partition contents:: - mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk2-part1 /boot/efis/2 - mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk3-part1 /boot/efis/3 + rc-update add cronie default + crontab -u root -e + # @hourly /usr/bin/bash -c 'for i in /boot/efis/*; do /usr/bin/cp -r /boot/efi/EFI/ $i/; done' -#. Add fstab entries:: + Alternatively, monitor ``/boot/efi/EFI/artix`` with ``inotifywait``. - pacman -S --needed artools-base rsync +#. If EFI system partition failed, promote one backup + to ``/boot/efi`` by editing ``/etc/fstab``. - fstabgen / | grep efis >> /etc/fstab +Mirror BIOS boot sector +~~~~~~~~~~~~~~~~~~~~~~~ -#. Sync EFI system partition contents:: +This need to be manually applied when GRUB is updated. - for i in /boot/efis/*; do - /usr/bin/rsync -a /boot/efi/ $i/ - done +#. Check disk name:: -#. 
Add EFI boot entries:: + ls -1 /dev/disk/by-id/ | grep -v '\-part[0-9]' - efibootmgr -cgd /dev/disk/by-id/target_disk2-part1 \ - -p 1 -L "artix-2" -l "\EFI\arch\grubx64.efi" - efibootmgr -cgd /dev/disk/by-id/target_disk3-part1 \ - -p 1 -L "artix-3" -l "\EFI\arch\grubx64.efi" +#. Install GRUB to every disk:: + + for i in {target_disk2,target_disk3}; do + grub-install /dev/disk/by-id/$i + done + +Change encryption method +~~~~~~~~~~~~~~~~~~~~~~~~ + +By default the root pool is encrypted with a key file, +created at installation. + +Password +^^^^^^^^ + +After installation, encryption by password can be enabled with:: + + zfs change-key -l -o keylocation=prompt -o keyformat=passphrase rpool_$INST_UUID + +See ``man 8 zfs-change-key``. +If password is enabled, the system will require this password to boot. +Password can be entered locally with keyboard or remotely with SSH. + +Supply password with SSH +^^^^^^^^^^^^^^^^^^^^^^^^ + +#. Install mkinitcpio tools:: + + pacman -S mkinitcpio-netconf mkinitcpio-dropbear + +#. Store authorized keys in ``/etc/dropbear/root_key``:: + + vi /etc/dropbear/root_key + + Note that dropbear only supports RSA keys. + +#. Edit mkinitcpio:: + + tee /etc/mkinitcpio.conf <<- 'EOF' + HOOKS=(base udev autodetect modconf block keyboard netconf dropbear zfsencryptssh zfs filesystems) + EOF + +#. Add ``ip=`` to kernel command line:: + + # example DHCP + echo 'GRUB_CMDLINE_LINUX="ip=::::::dhcp"' >> /etc/default/grub + + Details for ``ip=`` can be found at + `here `__. + +#. If using OpenSSH as SSH server, convert host keys to PEM format:: + + for i in {rsa,dsa,ecdsa,ed25519}; do + ssh-keygen -p -m PEM -f /etc/ssh/ssh_host_${i}_key -qN "" + done + +#. Regenerate initramfs:: + + mkinitcpio -P + +#. 
Update GRUB menu:: + + grub-mkconfig -o /boot/grub/grub.cfg + +Key file +^^^^^^^^ + +You can also set a new key file for root pool and +store the key file on an external drive:: + + zfs change-key -l -o keylocation=file:///path/to/keyfile -o keyformat=raw rpool_$INST_UUID Boot Environment Manager ~~~~~~~~~~~~~~~~~~~~~~~~ -Optional: install ``rozb3-pac`` pacman hook and ``bieaz`` from AUR to - create boot environments. + +Optional: install +`rozb3-pac `__ +pacman hook and +`bieaz `__ +from AUR to create boot environments. + +Prebuilt packages are also available +in the links above. Post installation ~~~~~~~~~~~~~~~~~ @@ -940,8 +1044,9 @@ Following are the steps to load the correct ``grub.cfg``, Rescue in Live Environment ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -#. Repeat `Prepare the Live Environment - <#prepare-the-live-environment>`__. +#. `Download Artix Linux live image <#download-artix-linux-live-image>`__. + +#. `Prepare the Live Environment <#prepare-the-live-environment>`__. #. Check the ``INST_UUID`` with ``zpool import``. @@ -949,17 +1054,28 @@ Rescue in Live Environment INST_MNT=$(mktemp -d) INST_UUID=abc123 - RPOOL_PWD='rootpool' + +#. If using other keyfile:: + + KEYFILE=/path/to/keyfile #. Import and unlock root and boot pool:: zpool import -N -R $INST_MNT rpool_$INST_UUID zpool import -N -R $INST_MNT bpool_$INST_UUID - echo $RPOOL_PWD | zfs load-key rpool_$INST_UUID + + If using password:: + + zfs load-key rpool_$INST_UUID + + If using keyfile:: + + zfs load-key -L file://$KEYFILE rpool_$INST_UUID #. Find the current boot environment:: zfs list + BE=default #. Mount boot and root filesystem:: @@ -967,7 +1083,7 @@ Rescue in Live Environment #. chroot into the system:: - artix-chroot $INST_MNT /bin/bash --login + arch-chroot $INST_MNT /bin/bash --login mount /boot mount /boot/efi zfs mount -a diff --git a/docs/Getting Started/Arch Linux/archzfs/key-id b/docs/Getting Started/Arch Linux/archzfs/key-id new file mode 100644 index 0000000..f1f2e3a --- /dev/null 
+++ b/docs/Getting Started/Arch Linux/archzfs/key-id @@ -0,0 +1 @@ +DDF7DB817396A49B2A2723F7403BD972F75D9D76 diff --git a/docs/Getting Started/Arch Linux/archzfs/mirrorlist-archzfs b/docs/Getting Started/Arch Linux/archzfs/mirrorlist-archzfs new file mode 100644 index 0000000..70adcd8 --- /dev/null +++ b/docs/Getting Started/Arch Linux/archzfs/mirrorlist-archzfs @@ -0,0 +1,12 @@ +## France +Server = https://archzfs.com/$repo/$arch + +## Germany +Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch +Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch + +## India +Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch + +## United States +Server = https://zxcvfdsa.com/archzfs/$repo/$arch diff --git a/docs/Getting Started/Arch Linux/index.rst b/docs/Getting Started/Arch Linux/index.rst index 92efe1d..52ed78f 100644 --- a/docs/Getting Started/Arch Linux/index.rst +++ b/docs/Getting Started/Arch Linux/index.rst @@ -6,6 +6,15 @@ Arch Linux .. contents:: Table of Contents :local: +Support +------- + +If you need help, reach out to the community using the :ref:`mailing_lists` or IRC at +`#zfsonlinux `__ on `freenode +`__. If you have a bug report or feature request +related to this HOWTO, please `file a new issue and mention @ne9z +`__. + Installation ------------ 
@@ -19,31 +28,38 @@ ZFS packages are provided by the third-party `archzfs repository `__. You can use it as follows. -Import archzfs GPG key:: +Import keys of archzfs repository:: - curl -O https://archzfs.com/archzfs.gpg - pacman-key -a archzfs.gpg - pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76 + curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - + curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {} -Add the archzfs repository:: +Add archzfs repository:: - tee -a /etc/pacman.conf <<- 'EOF' - - [archzfs] - Include = /etc/pacman.d/mirrorlist-archzfs - - EOF - tee -a /etc/pacman.d/mirrorlist-archzfs <<- 'EOF' - Server = https://archzfs.com/$repo/$arch - Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch - Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch - Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch - EOF + tee -a /etc/pacman.conf <<- 'EOF' + + [archzfs] + Include = /etc/pacman.d/mirrorlist-archzfs + EOF + + curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs Update pacman database:: pacman -Sy +testing repo +^^^^^^^^^^^^ +Testing repo provides newer packages than stable repo, +but may contain unknown bugs. +Use at your own risk:: + + tee -a /etc/pacman.conf <<- 'EOF' + + # uncomment if you really want to use testing + #[archzfs-testing] + #Include = /etc/pacman.d/mirrorlist-archzfs + EOF + archzfs package ~~~~~~~~~~~~~~~ @@ -94,10 +110,13 @@ Check zfs-dkms package version:: Visit OpenZFS release page :: - curl https://github.com/openzfs/zfs/releases/zfs-${DKMS_VER} \ + curl -L https://github.com/openzfs/zfs/raw/zfs-${DKMS_VER}/META \ | grep Linux - # Linux: compatible with 3.10 - 5.10 kernels - echo $INST_LINVER + # Linux-Maximum: 5.10 + # Linux-Minimum: 3.10 + # compare with the output of the following command + echo ${INST_LINVER%%-*} + # 5.10.17 # supported If it's not supported, see `Install zfs-dkms compatible kernel`_. Otherwise, continue to next step. 
@@ -135,7 +154,7 @@ Install kernels available when the package was built. Check build date:: DKMS_DATE=$(pacman -Syi zfs-dkms \ | grep 'Build Date' \ | sed 's/.*: //' \ - | LC_ALL=C xargs -i{} date -d {} +%Y/%m/%d) + | LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d) Check kernel version:: @@ -178,6 +197,25 @@ If compatible, update kernel and headers with:: Do not update if the kernel is not compatible with OpenZFS. +-git packages +~~~~~~~~~~~~~ + +Normal packages are built from +`latest OpenZFS stable release `__ +which may not contain the newest features. + +``-git`` packages are directly built from +`OpenZFS master branch `__, +which may contain unknown bugs. + +To use ``-git`` packages, attach ``-git`` suffix to package names, example:: + + # zfs-dkms + zfs-dkms-git + + # zfs-${INST_LINVAR} + zfs-${INST_LINVAR}-git + Check Live Image Compatibility ------------------------------ Choose a mirror:: @@ -204,9 +242,12 @@ Check latest archzfs package version:: # zfs-dkms-2.0.1-1-x86_64.pkg.tar.zst # zfs-linux-2.0.1_5.10.10.arch1.1-1-x86_64.pkg.tar.zst -Visit OpenZFS release page https://github.com/openzfs/zfs/releases/tag/zfs-2.0.1:: +Visit OpenZFS release page:: - # Linux: compatible with 3.10 - 5.10 kernels + curl -L https://github.com/openzfs/zfs/raw/zfs-2.0.1/META \ + | grep Linux + # Linux-Maximum: 5.10 + # Linux-Minimum: 3.10 - If compatible, download the latest live image::
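Review bot: The new "-git packages" example spells the variable `INST_LINVAR` in `zfs-${INST_LINVAR}` and `zfs-${INST_LINVAR}-git`, while the rest of the page uses `INST_LINVER` (for example `echo ${INST_LINVER%%-*}` in the release-check step). This is presumably a typo; with the name as written the variable is unset, so a reader copying the example gets `zfs-` and `zfs--git`. Change both lines to `zfs-${INST_LINVER}` and `zfs-${INST_LINVER}-git`.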