author | Silvino Silva <silvino@bk.ru> | 2019-06-05 14:32:37 +0000 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2019-06-05 14:32:37 +0000 |
commit | b6f024f50fc0b5708bcea0bd26f1bc5cee3e78fc (patch) | |
tree | 517e1c3e597b77183d2eb9eeec52b92d47b6d555 | |
parent | 91c23096800cfd1a31cd24f6eae93f6d037d5661 (diff) | |
download | doc-b6f024f50fc0b5708bcea0bd26f1bc5cee3e78fc.tar.gz |
initial system install on encrypted disk
-rw-r--r-- | core/install.html | 101 |
1 files changed, 65 insertions, 36 deletions
diff --git a/core/install.html b/core/install.html index dfe218a..65b9148 100644 --- a/core/install.html +++ b/core/install.html @@ -43,13 +43,14 @@ <h2 id="step2">1.1.2. Prepare target</h2> <p>Prepare disk or target location where new system will - be installed. Follow steps describe how to create efi and - separate partitions such as; - bios grub, EFI, boot, root, var, usr, swap and home. + be installed. Follow steps describe how to create efi system, + for bios_boot systems is only needed the boot partition in + the beginning of the disk and can use ext4 file system for example. For more information about gpt partitions table read - <a href="http://devil-detail.blogspot.com/2013/07/install-grub2-on-gpt-disk-dedicated-partition.html">devil-detail grub2 on gpt</a>. - Script <a href="scripts/setup-target.sh">setup-target.sh</a> - creates follow partitions;</p> + <a href="http://devil-detail.blogspot.com/2013/07/install-grub2-on-gpt-disk-dedicated-partition.html">devil-detail grub2 on gpt</a>. Script <a href="scripts/setup-target.sh">setup-target.sh</a> help to create partitions + scripts.</p> + + </p> <p>Create gpt label and set unit size to use;</p> 
@@ -93,14 +94,40 @@ <h3>/</h3> + <p>There are different ways to achieve disk encryption, + the method described uses cryptosetup to create cryptodevice + with <a href="../tools/lvm.html">lvm</a> inside containing + root and other partitions such as; + var, usr, swap and home. + + <pre> + (parted) mkpart primary 1132 100% + (parted) set 4 lvm on + </pre> + + <p>Create encrypted block for lvm;</p> + + <pre> + # modprobe dm-crypt + # cryptsetup luksFormat /dev/sda4 + # cryptsetup luksOpen /dev/sda4 cryptlvm + </pre> + + <p>Create physical group and volume group;</p> + + <pre> + # pvcreate /dev/mapper/cryptlvm + vgcreate vg_system /dev/mapper/cryptlvm + </pre> + <p>Core collection installation on root partition uses approximately 2G. Partition with 8G-20G is recommended for a server or desktop with dedicated ports partition or using only compiled packages. Partition size 20G;</p> + <pre> - (parted) mkpart primary ext4 1132 21132 - (parted) name 4 root + # lvcreate -L 20G -n lv_root vg_system </pre> <h3>/var</h3> @@ -109,8 +136,7 @@ system is configured. Partition size 2G;</p> <pre> - (parted) mkpart primary ext4 21132 23132 - (parted) name 5 var + # lvcreate -L 2G -n lv_var vg_system </pre> <h3>Swap (ram)</h3> 
@@ -119,27 +145,19 @@ memory ram, ports system will be configured to build on ram. To build firefox is necessary at least 34G. Partition size 4G;</p> - <p>Is better to create swap partition later using - <a href="../tools/lvm.html">lvm</a>.</p> - <pre> - (parted) mkpart primary linux-swap 23132 27132 - (parted) name 6 swap + # lvcreate -L 4G -n lv_swap vg_system </pre> <h3>/home</h3> - <p>Home partition on desktop fill the rest of disk - space while on server this partition can be unnecessary. + <p>On desktop fill the rest of disk space while on server + this partition can be replaced with /srv. Fill the rest of disk space;</p> - <p>Is better to create home partition later using - <a href="../tools/lvm.html">lvm</a>.</p> - <pre> - (parted) mkpart primary ext4 27132 100% - (parted) name 7 home + # lvcreate -L 120G -n lv_home vg_system </pre> <h3>Create filesystems</h3> @@ -147,10 +165,10 @@ <pre> $ sudo mkfs.fat -F 32 /dev/sda2 $ sudo mkfs.ext4 /dev/sda3 - $ sudo mkfs.ext4 /dev/sda4 - $ sudo mkfs.ext4 /dev/sda5 - $ sudo mkswap /dev/sda6 - $ sudo mkfs.ext4 /dev/sda7 + $ sudo mkfs.ext4 /dev/vg_system/lv_root + $ sudo mkfs.ext4 /dev/vg_system/lv_var + $ sudo mkswap /dev/vg_system/lv_swap + $ sudo mkfs.ext4 /dev/vg_system/lv_home </pre> <h2 id="step3">1.1.3. Prepare Install</h2> @@ -161,19 +179,19 @@ <a href="scripts/setup-core.sh">setup-core.sh</a> configure host metadata and setup ports;</p> - <p>Export target root partition;</p> + <p>Export target root partition;</p> - <pre> - $ export BLK_ROOT=/dev/sda - </pre> + <pre> + $ export BLK_ROOT=/dev/vg_system/lv_root + </pre> - <p>Export target root directory you want to install;</p> + <p>Export target root directory you want to install;</p> <pre> $ export CHROOT=/mnt </pre> - <p>If you are installing to a directory and not partitions you don't need to mount;</p> + <p>If you are installing to a directory and not partitions you don't need to mount;</p> <pre> $ sudo mount $BLK_ROOT $CHROOT 
@@ -192,11 +210,11 @@ $ sudo mkdir -p $CHROOT/tmp $ sudo mkdir -p $CHROOT/proc $ sudo mkdir -p $CHROOT/sys - </pre> + </pre> - <p>If partition layout is different or target is a directory is not necessary to mount, create only the directories;</p> + <p>If partition layout is different or target is a directory is not necessary to mount, create only the directories;</p> - <pre> + <pre> $ sudo mount $BLK_BOOT $CHROOT/boot $ sudo mkdir -p $CHROOT/boot/efi $ sudo mount $BLK_EFI $CHROOT/boot/efi @@ -297,6 +315,17 @@ pkgadd /usr/ports/packages/efivar#* pkgadd /usr/ports/packages/efibootmgr#* pkgadd /usr/ports/packages/dosfstools#* + pkgadd /usr/ports/packages/ported#* + pkgadd /usr/ports/packages/libgcrypt#* + pkgadd /usr/ports/packages/cryptsetup#* + pkgadd /usr/ports/packages/popt#* + pkgadd /usr/ports/packages/libgpg-error#* + pkgadd /usr/ports/packages/libevent#* + pkgadd /usr/ports/packages/libtirpc#* + pkgadd /usr/ports/packages/git#* + pkgadd /usr/ports/packages/tmux#* + pkgadd /usr/ports/packages/prt-utils#* + pkgadd /usr/ports/packages/elfutils#* </pre> <pre> @@ -344,7 +373,7 @@ <a href="index.html">Core OS Index</a> <p>This is part of the Hive System Documentation. - Copyright (C) 2018 + Copyright (C) 2019 Hive Team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> |
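Review bot: The first hunk (@@ -43,13 +43,14 @@) closes its paragraph twice: "scripts.</p>" is followed by a second "</p>" on its own line with no matching open tag, so core/install.html ends up with a stray closing tag. Drop the extra "</p>". The rewritten sentence "help to create partitions scripts." also reads as if a word went missing in the edit; the removed wording "creates follow partitions" at least said what setup-target.sh does.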
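Review bot: In the @@ -93,14 +94,40 @@ hunk the new introduction "<p>There are different ways to achieve disk encryption, ..." is never closed before the "<pre>" that follows; add "</p>" after "var, usr, swap and home." In the same hunk "vgcreate vg_system /dev/mapper/cryptlvm" lacks the "# " prompt that the pvcreate line above it carries, the prose names the tool "cryptosetup" while the commands call "cryptsetup", and "Create physical group and volume group" should say "physical volume" to match pvcreate. Because "cryptsetup luksFormat /dev/sda4" overwrites whatever is on that partition, a sentence before the command telling the reader to confirm the device name would be worth adding.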
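Review bot: In the @@ -119,27 +145,19 @@ hunk the /home text still says "Fill the rest of disk space" but the command is now "lvcreate -L 120G -n lv_home vg_system", a fixed size that fails on a smaller volume group and leaves space unused on a larger one. Use "lvcreate -l 100%FREE -n lv_home vg_system", or change the text to say 120G is an example. The reworded sentence "On desktop fill the rest of disk space while on server this partition can be replaced with /srv" also lost its subject when "Home partition" was removed.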
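Review bot: The @@ -147,10 +165,10 @@ hunk leaves "mkfs.fat -F 32 /dev/sda2" and "mkfs.ext4 /dev/sda3" formatting raw partitions while root, var, swap and home move into vg_system, and the page never states that those two partitions stay outside the LUKS container. Given the commit subject "initial system install on encrypted disk", add a sentence saying which partitions remain unencrypted so readers do not assume the whole disk is covered.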
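Review bot: In the @@ -297,6 +315,17 @@ hunk "pkgadd /usr/ports/packages/ported#*" looks like a typo for parted, the tool the partitioning steps use; as written the glob will match no package. The added list brings in cryptsetup and its libraries but no LVM package is visible in these lines; if it is not installed elsewhere on the page, the target system will not be able to activate vg_system. git, tmux and prt-utils are unrelated to disk encryption and would be easier to review as a separate change.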