
SoylentNews is people

The Fine print: The following are owned by whoever posted them. We are not responsible for them in any way.

Journal by DECbot

Over the New Year's break I finally decided to change OS on my laptop. A little background, the laptop started on Ubuntu 14.04 (12.04 LTS is my preferred, but no longer possible) and then changed to FreeBSD. Frankly, FreeBSD was exciting, unpolished, and ultimately ditched because my Minecraft frame rates hovered around 4 fps.
Due to my work schedule and home responsibilities, stripping systemd from modern Ubuntu didn't seem like a sustainable option. With the recent release of Devuan 1.0, it seemed like a perfect time to give it a try. Why Devuan? Well, you know the old phrase, learn Debian and know the Debian derivatives, learn Red Hat and know the Red Hat derivatives, learn Gentoo and know how to compile everything (still compiling?), learn Slackware and know Linux. Well, I learned Debian and am most comfortable with it--Devuan fits the Debian without systemd niche. The one caveat, playing with ZFS when testing FreeBSD was pretty neat, and I'd like to continue using it. Unfortunately, Devuan + ZFS is not available straight out of the box. So, I practiced my googlefu and found a few guides to make it happen. Results? I'm writing from chromium on Devuan with root on ZFS. Wifi works, suspend works, music and video works... pretty much everything works. The best part, my Minecraft framerate now averages around 40 fps.
Here are my sources:
And the steps executed are below. The bulk of it comes from the first link, but that guide is for a server install, so I had to work out a few things to get the desktop going from the install.

Wipe and partition the destination disk.
# wipefs --force --all /dev/sda

# /sbin/parted --script --align optimal /dev/sda mkpart primary 1MiB 100%

# /sbin/parted --script --align optimal /dev/sda set 1 boot on
(So, I cheated here and used gparted from the Devuan live usb. I made two partitions, one 16GB swap partition and the rest for my zpool.)

Check the partition table:
# /sbin/parted --script /dev/sda p

Get the laptop online, then edit your package sources.

# echo 'deb jessie-backports main contrib' > /etc/apt/sources.list.d/backports.list
That will add the repository with ZFS, but you also need to add contrib and non-free to get your wifi drivers and such. Fire up your editor and add them to your source list.
# vi /etc/apt/sources.list
edit the line:
    deb jessie main
to this:
    deb jessie main contrib non-free

Update and install cryptsetup (in my case, it was already installed).

# time apt update

# time apt install -y cryptsetup

Set up your encryption.
# cryptsetup luksFormat -h sha512 /dev/sda1
(In my case, sda1 is swap, and thus I used sda2 here. For the rest of this journal, I will copy my source article and use sda1 everywhere.)
# cryptsetup luksOpen /dev/sda1 cryptroot

Time to install and compile the kernel modules. You'll need to first get the kernel headers.

# time apt install -y linux-headers-$(uname -r)

# time apt-get install -y -t jessie-backports zfs-dkms

zfs is only in the jessie-backports repository, so you have to specify it. Watch for errors here, fix them before continuing.

Now with zfs-dkms package installed, add it to the kernel.
# /sbin/modprobe zfs
Again, fix any errors before continuing.

Time to set up your zpool and datasets.
# zpool create -f -O mountpoint=none -O compression=lz4 -O atime=off -o ashift=12 zdevuan /dev/mapper/cryptroot
# zfs create -o mountpoint=/ zdevuan/root
# zfs create -o mountpoint=/boot zdevuan/boot
# zfs create -o mountpoint=/home zdevuan/home
# zpool set bootfs=zdevuan/root zdevuan


With that done, export the pool, import and mount.
# zpool export -a
# zpool import -R /mnt zdevuan


Just keep following the guide. If you're using the desktop live usb, you'll have to install debootstrap.
# apt-get install -y debootstrap
# time /usr/sbin/debootstrap jessie /mnt /

The guide notes that the --no-check-gpg flag will fubar the process.

Next we copy some things from the live USB to the new system.
# cp -v -p /etc/apt/sources.list.d/backports.list /mnt/etc/apt/sources.list.d
# cp -v -p /etc/locale.gen /mnt/etc


Here I departed from the guide as I found that debootstrap doesn't install the rich set of applications that differentiate the desktop environment from a server. The most annoying is the lack of wifi, which makes fixing this a pain. Since I didn't feel inspired to run a 100ft ethernet cable from the basement and install the wifi firmware after my first reboot, I created a list of installed packages from the desktop live USB that I later fed to apt-get after the system is chrooted.
# dpkg-query -f '${binary:Package}\n' -W > /mnt/root/pkg_list

Getting back on track, we edit /mnt/etc/fstab for the new system. Remember to add your swap partition here if you created it.

    /dev/mapper/cryptroot / zfs defaults,noatime 0 0
    zdevuan/boot /boot zfs defaults,noatime 0 0
    zdevuan/home /home zfs defaults,noatime 0 0


Edit /mnt/etc/crypttab to add the UUID of the encrypted container. I'm using blkid to get the UUID of the cryptroot LUKS container.
# blkid /dev/sda1
# echo 'cryptroot UUID=UUID_HERE /rootkey.bin luks,keyscript=/bin/cat' > /mnt/etc/crypttab

Now create a key--this will take some time. Depending on your system, you'll likely have time to get drive thru coffee from the neighboring zipcode. The original guide author recommended switching to another terminal screen to continue on while dd plugs away.
# time dd if=/dev/random iflag=fullblock of=/mnt/boot/rootkey.bin bs=512 count=4


Set the hostname.
# echo myhostname > /mnt/etc/hostname
# echo ' myhostname' >> /mnt/etc/hosts


I copied the interfaces file from the USB stick; the author did otherwise.
# cp -v -p /etc/network/interfaces /mnt/etc/network/interfaces

Mount the system directories.
# cd /
# for i in /dev /dev/pts /proc /sys; do mount -B $i /mnt/$i; done


Chroot into the new system. Do some basic setup, and then install zfs into the new system.
# chroot /mnt /bin/bash --login
# passwd
# passwd -u root
# dpkg-reconfigure tzdata
# ln -sf /proc/self/mounts /etc/mtab
# apt update
# apt install -y locales kbd
# time apt install -y cryptsetup linux-image-amd64
# time apt install -y linux-headers-$(uname -r)
# time apt-get install -y -t jessie-backports zfs-dkms zfs-initramfs


If you went out for coffee, your LUKS key should be done by now. If so, create the crypto keyfile hook for the initramfs.
# cryptsetup luksAddKey /dev/sda1 /boot/rootkey.bin
# chmod 0 /boot/rootkey.bin
# vi /etc/initramfs-tools/hooks/crypto_keyfile

Add the following lines to the crypto_keyfile:
    #!/bin/sh
    cp -p /boot/rootkey.bin "${DESTDIR}"


Set the script as executable.
# chmod +x /etc/initramfs-tools/hooks/crypto_keyfile
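
A pre-reboot check of the keyfile steps above (crypttab entry, key size, key permissions, hook), as an added example that is not part of the original journal or its source guide. The function names and argument order are assumptions, and stat -c requires GNU coreutils:

```sh
#!/bin/sh
# Added example (not from the journal): pre-reboot check of the LUKS keyfile
# setup. Function names and argument order are assumptions; stat -c is GNU.

# private_mode FILE: succeeds when group and other have no permission bits.
private_mode() {
    case $(stat -c %a "$1") in
        0|?00) return 0 ;;
        *) return 1 ;;
    esac
}

# check_keyfile_setup CRYPTTAB LUKS_UUID KEYFILE HOOK
# Prints one line per problem and returns the number of problems found.
check_keyfile_setup() {
    crypttab=$1 uuid=$2 keyfile=$3 hook=$4 problems=0

    # Second field of the cryptroot entry; the guide writes the placeholder
    # UUID_HERE, which must be replaced by the UUID that blkid reported.
    src=$(awk '$1 == "cryptroot" { print $2; exit }' "$crypttab")
    if [ "$src" != "UUID=$uuid" ]; then
        echo "crypttab: source is '$src', expected 'UUID=$uuid'"
        problems=$((problems + 1))
    fi

    if [ ! -f "$keyfile" ]; then
        echo "keyfile: $keyfile is missing"
        problems=$((problems + 1))
    else
        # dd bs=512 count=4 iflag=fullblock must produce exactly 2048 bytes.
        size=$(stat -c %s "$keyfile")
        if [ "$size" -ne 2048 ]; then
            echo "keyfile: $size bytes, expected 2048"
            problems=$((problems + 1))
        fi
        if ! private_mode "$keyfile"; then
            echo "keyfile: readable beyond its owner"
            problems=$((problems + 1))
        fi
    fi

    # The guide marks the hook executable; a non-executable hook is skipped.
    if [ ! -x "$hook" ]; then
        echo "hook: $hook is not executable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Inside the chroot this would be called as check_keyfile_setup /etc/crypttab "$(blkid -s UUID -o value /dev/sda1)" /boot/rootkey.bin /etc/initramfs-tools/hooks/crypto_keyfile. The initrd images generated later in /boot carry a copy of the key as well, so private_mode is worth running against them too.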

Symlink the crypto device into /dev. If you ever want to update your kernel, check out the original author's other howto on adding a udev rule for automating this. Otherwise, you're expected to never, ever update your kernel.
# ln -sf /dev/mapper/cryptroot /dev

Since Devuan Jessie doesn't yet have a ZFS-compatible bootloader, borrow one from Devuan testing and then return it. FYI, it's called Ascii.
# cp -v -p /etc/apt/sources.list /etc/apt/sources.list.orig
# echo 'deb ascii main' >> /etc/apt/sources.list
# apt update
# time apt install -y grub-pc/ascii
# mv /etc/apt/sources.list.orig /etc/apt/sources.list


Edit your grub config file.
# vi /etc/default/grub

Make the following changes to the grub file:



Hopefully you can now build your initramfs and install grub without any errors.
# update-initramfs -u -k all
# update-grub
# grub-install /dev/sda


With that done, it is time to install those packages to make your system run like the desktop live USB.
# time xargs -a <(awk '! /^ *(#|$)/' "/root/pkg_list") -r -- apt-get install

Pay attention to what installs and what isn't in the repositories. The first time through I had no wifi drivers. I also didn't add the non-free repository, so it was an easy fix once I figured out what happened. Obviously, there will be some redundancy and some undesired packages. Feel free to edit the pkg_list file to your liking before piping it to apt-get.

When this is done, add users, groups, configure sudo, etc. Once you're finished, exit the chroot.
# exit

Set the mountpoints of /boot and /home to "legacy" so they will mount at boot time.
# zfs set mountpoint=legacy zdevuan/boot
# zfs set mountpoint=legacy zdevuan/home


Kill off the processes keeping you from unmounting your zpool. If you skip this, you'll be forced to manually import your zpool from single-user mode.
# killall irqbalance
# umount /mnt/sys
# umount /mnt/proc
# umount /mnt/dev/pts
# umount /mnt/dev
# zfs umount -a
# zpool export -a
# halt -p


Make liberal use of lsof | grep /mnt/whatever to find the processes that are using the mount point. Fire up your PID assassin of choice and kill those processes preventing you from unmounting your zfs datasets.

At this point, your machine is off. Remove your live USB media and boot the system. Here's your no compromise system with apt, zfs, and no systemd on your desktop. Next up...figuring out hibernation with encrypted partitions and zfs because suspend drains my old, anemic battery in about 12 hours.


Let me know if this guide was any help.


  • (Score: 1) by DECbot on Wednesday January 03 2018, @06:54AM (2 children)

    by DECbot (832) on Wednesday January 03 2018, @06:54AM (#617082) Journal

    # echo RESUME=UUID=my-swap-UUID > /etc/initramfs-tools/conf.d/resume
    # echo 'GRUB_CMDLINE_LINUX="resume=UUID=my-swap-UUID"' >> /etc/default/grub
    And for good measure:
    # update-initramfs -u -k all
    # update-grub
    # grub-install /dev/sda

    cats~$ sudo chown -R us /home/base
    • (Score: 0) by Anonymous Coward on Wednesday January 03 2018, @07:03PM (1 child)

      by Anonymous Coward on Wednesday January 03 2018, @07:03PM (#617288)

      If you said what kind of laptop you have, I wasn't able to find it.

      Hard to believe that what works for one brand/model will work for another(?)

      • (Score: 1) by DECbot on Thursday January 04 2018, @04:41AM

        by DECbot (832) on Thursday January 04 2018, @04:41AM (#617515) Journal

        It's a Lenovo Thinkpad T420S--Intel i5-2520M and 8 gigs of RAM with Intel graphics and whatnot. When booting from the live USB image, it looked like everything worked out of the box for me. The only risks were ZFS and hibernation. The only reason hibernation was a risk was because I was too lazy to set up a swap partition and test it before install and I could live without it if it didn't work.

        cats~$ sudo chown -R us /home/base
  • (Score: 0) by Anonymous Coward on Wednesday January 03 2018, @08:20PM (1 child)

    by Anonymous Coward on Wednesday January 03 2018, @08:20PM (#617329)

    If you have a decent size pool of randomness already, wouldn't it be better to use /dev/urandom to generate the root key?

    • (Score: 1) by DECbot on Thursday January 04 2018, @04:47AM

      by DECbot (832) on Thursday January 04 2018, @04:47AM (#617518) Journal

      Yeah, it could be. I honestly didn't think that deeply about my quality of randomness at that point because by the time that it would really start to matter, (1) the black hats would have physical access to the system, (2) I'm probably detained in a small windowless room, and (3) my swap isn't encrypted.

      cats~$ sudo chown -R us /home/base