Journal by DECbot

Over the New Year's break I finally decided to change OS on my laptop. A little background, the laptop started on Ubuntu 14.04 (12.04 LTS is my preferred, but no longer possible) and then changed to FreeBSD. Frankly, FreeBSD was exciting, unpolished, and ultimately ditched because my Minecraft frame rates hovered around 4 fps.
 
Due to my work schedule and home responsibilities, stripping systemd from modern Ubuntu didn't seem like a sustainable option. With the recent release of Devuan 1.0, it seemed like a perfect time to give it a try. Why Devuan? Well, you know the old phrase, learn Debian and know the Debian derivatives, learn Red Hat and know the Red Hat derivatives, learn Gentoo and know how to compile everything (still compiling?), learn Slackware and know Linux. Well, I learned Debian and am most comfortable with it--Devuan fits the Debian without systemd niche. The one caveat, playing with ZFS when testing FreeBSD was pretty neat, and I'd like to continue using it. Unfortunately, Devuan + ZFS is not available straight out of the box. So, I practiced my googlefu and found a few guides to make it happen. Results? I'm writing from chromium on Devuan with root on ZFS. Wifi works, suspend works, music and video works... pretty much everything works. The best part, my Minecraft framerate now averages around 40 fps.
 
Here are my sources:

http://xenotrope.blogspot.com/2017/08/encrypted-zfs-on-root-for-devuan-zfs.html

https://talk.devuan.org/t/quest-for-the-devuan-laptop/600
 
And the steps executed are below. The bulk of it comes from the first link, but that guide is for a server install, so I had to work out a few things to get the desktop going from the install.

Wipe and partition the destination disk.
# wipefs --force --all /dev/sda

# /sbin/parted --script --align optimal /dev/sda mkpart primary 1MiB 100%

# /sbin/parted --script --align optimal /dev/sda set 1 boot on
(So, I cheated here and used gparted from the Devuan live USB. I made two partitions, one 16GB swap partition and the rest for my zpool.)
 

Check the partition table:
# /sbin/parted --script /dev/sda p
 

Get the laptop online, then edit your package sources.

# echo 'deb http://auto.mirror.devuan.org/merged jessie-backports main contrib' > /etc/apt/sources.list.d/backports.list
 
That will add the repository with ZFS, but you also need to add contrib and non-free to get your wifi drivers and such. Fire up your editor and add them to your source list.
# vi /etc/apt/sources.list
edit the line:
    deb http://auto.mirror.devuan.org/merged jessie main
to this:
    deb http://auto.mirror.devuan.org/merged jessie main contrib non-free
 

Update and install cryptsetup (in my case, it was already installed).

# time apt update

# time apt install -y cryptsetup
 

Set up your encryption.
# cryptsetup luksFormat -h sha512 /dev/sda1
(In my case, sda1 is swap, and thus I used sda2 here. For the rest of this journal, I will copy my source article and use sda1 everywhere.)
# cryptsetup luksOpen /dev/sda1 cryptroot
 

Time to install and compile the kernel modules. You'll need to first get the kernel headers.

# time apt install -y linux-headers-$(uname -r)

# time apt-get install -y -t jessie-backports zfs-dkms
 

zfs is only in the jessie-backports repository, so you have to specify it. Watch for errors here, fix them before continuing.
 

Now with zfs-dkms package installed, add it to the kernel.
# /sbin/modprobe zfs
Again, fix any errors before continuing.
 

Time to set up your zpool and datasets.
# zpool create -f -O mountpoint=none -O compression=lz4 -O atime=off -o ashift=12 zdevuan /dev/mapper/cryptroot
# zfs create -o mountpoint=/ zdevuan/root
# zfs create -o mountpoint=/boot zdevuan/boot
# zfs create -o mountpoint=/home zdevuan/home
# zpool set bootfs=zdevuan/root zdevuan

 

With that done, export the pool, import and mount.
# zpool export -a
# zpool import -R /mnt zdevuan

 

Just keep following the guide. If you're using the desktop live USB, you'll have to install debootstrap.
# apt-get install -y debootstrap
# time /usr/sbin/debootstrap jessie /mnt https://auto.mirror.devuan.org/merged

 
The guide notes that the --no-check-gpg flag will fubar the process.
 

Next we copy some things from the live USB to the new system.
# cp -v -p /etc/apt/sources.list.d/backports.list /mnt/etc/apt/sources.list.d
# cp -v -p /etc/locale.gen /mnt/etc

 

Here I departed from the guide as I found that debootstrap doesn't install the rich set of applications that differentiate the desktop environment from a server. The most annoying is the lack of wifi, which makes fixing this a pain. Since I didn't feel inspired to run a 100ft ethernet cable from the basement and install the wifi firmware after my first reboot, I created a list of installed packages from the desktop live USB that I later fed to apt-get after the system is chrooted.
# dpkg-query -f '${binary:Package}\n' -W > /mnt/root/pkg_list
 

Getting back on track, we edit /mnt/etc/fstab for the new system. Remember to add your swap partition here if you created it.

    /dev/mapper/cryptroot / zfs defaults,noatime 0 0
    zdevuan/boot /boot zfs defaults,noatime 0 0
    zdevuan/home /home zfs defaults,noatime 0 0

 

Edit /mnt/etc/crypttab to add the UUID of the encrypted container. I'm using blkid to get the UUID of the cryptroot LUKS container.
# blkid /dev/sda1
# echo 'cryptroot UUID=UUID_HERE /rootkey.bin luks,keyscript=/bin/cat' > /mnt/etc/crypttab
 

Now create a key--this will take some time. Depending on your system, you'll likely have time to get drive-thru coffee from the neighboring zipcode. The original guide author recommended switching to another terminal screen to continue on while dd plugs away.
# time dd if=/dev/random iflag=fullblock of=/mnt/boot/rootkey.bin bs=512 count=4

 

Set the hostname.
# echo myhostname > /mnt/etc/hostname
# echo '127.0.0.1 myhostname' >> /mnt/etc/hosts

 

I copied the interfaces file from the USB stick; the author did otherwise.
# cp -v -p /etc/network/interfaces /mnt/etc/network/interfaces
 

Mount the system directories.
# cd /
# for i in /dev /dev/pts /proc /sys; do mount -B $i /mnt/$i; done

 

Chroot into the new system. Do some basic setup, and then install zfs into the new system.
# chroot /mnt /bin/bash --login
# passwd
# passwd -u root
# dpkg-reconfigure tzdata
# ln -sf /proc/self/mounts /etc/mtab
# apt update
# apt install -y locales kbd
# time apt install -y cryptsetup linux-image-amd64
# time apt install -y linux-headers-$(uname -r)
# time apt-get install -y -t jessie-backports zfs-dkms zfs-initramfs

 

If you went out for coffee, your LUKS key should be done by now. If so, create the crypto keyfile hook for the initramfs.
# cryptsetup luksAddKey /dev/sda1 /boot/rootkey.bin
# chmod 0 /boot/rootkey.bin
# vi /etc/initramfs-tools/hooks/crypto_keyfile

Add the following lines to the crypto_keyfile:
    #!/bin/sh
    cp -p /boot/rootkey.bin "${DESTDIR}"

 

Set the script as executable.
# chmod +x /etc/initramfs-tools/hooks/crypto_keyfile
 

Symlink the crypto device into /dev. If you ever want to update your kernel, check out the original author's other howto on adding a udev rule for automating this. Otherwise, you're expected to never, ever update your kernel.
# ln -sf /dev/mapper/cryptroot /dev
 

Since Devuan Jessie doesn't yet have a ZFS-compatible bootloader, borrow one from Devuan testing and then return it. FYI, it's called Ascii.
# cp -v -p /etc/apt/sources.list /etc/apt/sources.list.orig
# echo 'deb http://auto.mirror.devuan.org/merged ascii main' >> /etc/apt/sources.list
# apt update
# time apt install -y grub-pc/ascii
# mv /etc/apt/sources.list.orig /etc/apt/sources.list

 

Edit your grub config file.
# vi /etc/default/grub
 

Make the following changes to the grub file:

    -GRUB_CMDLINE_LINUX_DEFAULT="quiet"
    -GRUB_CMDLINE_LINUX=""
    +GRUB_CMDLINE_LINUX_DEFAULT="boot=zfs"
    +GRUB_CMDLINE_LINUX="cryptdevice=UUID=UUIDHERE:cryptroot"
    +GRUB_ENABLE_CRYPTODISK=y
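
Review bot: the cryptdevice= value on the GRUB_CMDLINE_LINUX line uses the placeholder UUIDHERE, while the crypttab step earlier writes UUID_HERE; both stand for the same blkid UUID of the LUKS partition, so use one spelling and say next to this change that it is the value blkid printed. The change also drops "quiet" from GRUB_CMDLINE_LINUX_DEFAULT without comment; it would help to say whether boot=zfs requires that or whether it is only a preference for visible boot messages.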

 

Hopefully you can now build your initramfs and install grub without any errors.
# update-initramfs -u -k all
# update-grub
# grub-install /dev/sda
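
The crypto_keyfile hook copies rootkey.bin into every initramfs that update-initramfs builds, so each initrd.img-* under /boot now holds a copy of the LUKS key and needs the same tight permissions as the keyfile itself. The check below is an added example, not part of the original journal or its source guide; the function names are made up here, and it assumes GNU stat and the journal's file names.

```shell
#!/bin/sh
# Added example: report whether the LUKS keyfile and the initramfs images
# that embed a copy of it are accessible to anyone other than their owner.
# File names (rootkey.bin, initrd.img-*) follow the journal; the function
# names are hypothetical. Assumes GNU stat (stat -c).

# Print the octal permission bits of a file, e.g. 644.
file_mode() {
    stat -c '%a' "$1"
}

# Succeed only if the group and other permission bits are all zero.
owner_only() {
    local mode
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Check the keyfile and every initramfs image in a boot directory.
# Prints one line per file; the return status is the number of loose files.
audit_boot() {
    local boot bad f
    boot=${1:-/boot}
    bad=0
    for f in "$boot"/rootkey.bin "$boot"/initrd.img-*; do
        [ -e "$f" ] || continue        # unmatched glob or missing keyfile
        if owner_only "$f"; then
            echo "ok     $(file_mode "$f")  $f"
        else
            echo "LOOSE  $(file_mode "$f")  $f"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run inside the chroot after update-initramfs:  sh audit.sh --run /boot
if [ "${1:-}" = "--run" ]; then
    audit_boot "${2:-/boot}"
fi
```

If an image is reported as LOOSE, initramfs.conf(5) documents a UMASK setting (for example UMASK=0077 in /etc/initramfs-tools/initramfs.conf) that makes update-initramfs write owner-only images; rebuild with update-initramfs afterwards.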

 

With that done, it is time to install those packages to make your system run like the desktop live USB.
# time xargs -a <(awk '! /^ *(#|$)/' "/root/pkg_list") -r -- apt-get install
 

Pay attention to what installs and what isn't in the repositories. The first time through I had no wifi drivers. I also didn't add the non-free repository, so it was an easy fix once I figured out what happened. Obviously, there will be some redundancy and some undesired packages. Feel free to edit the pkg_list file to your liking before piping it to apt-get.
 

When this is done, add users, groups, configure sudo, etc. Once you're finished, exit the chroot.
# exit
 

Set the mountpoint of /boot and /home to "legacy" so they will mount at boot time.
# zfs set mountpoint=legacy zdevuan/boot
# zfs set mountpoint=legacy zdevuan/home

 

Kill off the processes keeping you from unmounting your zpool. If you skip this, you'll be forced to manually import your zpool from single-user mode.
# killall irqbalance
# umount /mnt/sys
# umount /mnt/proc
# umount /mnt/dev/pts
# umount /mnt/dev
# zfs umount -a
# zpool export -a
# halt -p

 

Make liberal use of lsof | grep /mnt/whatever to find the process that is using the mount point. Fire up your PID assassin of choice and kill those processes preventing you from unmounting your zfs datasets.
 

At this point, your machine is off. Remove your live USB media and boot the system. Here's your no compromise system with apt, zfs, and no systemd on your desktop. Next up...figuring out hibernation with encrypted partitions and zfs because suspend drains my old, anemic battery in about 12 hours.

 

Let me know if this guide was any help.

Cheers!

 
