From b6f024f50fc0b5708bcea0bd26f1bc5cee3e78fc Mon Sep 17 00:00:00 2001
From: Silvino Silva <silvino@bk.ru>
Date: Wed, 5 Jun 2019 14:32:37 +0000
Subject: initial system install on encrypted disk

---
 core/install.html | 101 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 65 insertions(+), 36 deletions(-)

diff --git a/core/install.html b/core/install.html
index dfe218a..65b9148 100644
--- a/core/install.html
+++ b/core/install.html
@@ -43,13 +43,14 @@
         <h2 id="step2">1.1.2. Prepare target</h2>
 
         <p>Prepare disk or target location where new system will
-        be installed. Follow steps describe how to create efi and
-        separate partitions such as;
-        bios grub, EFI, boot, root, var, usr, swap and home.
+        be installed. Follow steps describe how to create efi system,
+        for bios_boot systems is only needed the boot partition in
+        the beginning of the disk and can use ext4 file system for example.
         For more information about gpt partitions table read
-        <a href="http://devil-detail.blogspot.com/2013/07/install-grub2-on-gpt-disk-dedicated-partition.html">devil-detail grub2 on gpt</a>.
-        Script <a href="scripts/setup-target.sh">setup-target.sh</a>
-        creates follow partitions;</p>
+        <a href="http://devil-detail.blogspot.com/2013/07/install-grub2-on-gpt-disk-dedicated-partition.html">devil-detail grub2 on gpt</a>. Script <a href="scripts/setup-target.sh">setup-target.sh</a> help to create partitions
+        scripts.</p>
+
+        </p>
 
         <p>Create gpt label and set unit size to use;</p>
 
@@ -93,14 +94,40 @@
 
         <h3>/</h3>
 
+        <p>There are different ways to achieve disk encryption,
+        the method described uses cryptosetup to create cryptodevice
+        with <a href="../tools/lvm.html">lvm</a> inside containing
+        root and other partitions such as;
+        var, usr, swap and home.
+
+        <pre>
+        (parted) mkpart primary 1132 100%
+        (parted) set 4 lvm on
+        </pre>
+
+        <p>Create encrypted block for lvm;</p>
+
+        <pre>
+        # modprobe dm-crypt
+        # cryptsetup luksFormat /dev/sda4
+        # cryptsetup luksOpen /dev/sda4 cryptlvm
+        </pre>
+
+        <p>Create physical group and volume group;</p>
+
+        <pre>
+        # pvcreate /dev/mapper/cryptlvm
+        vgcreate vg_system /dev/mapper/cryptlvm
+        </pre>
+
         <p>Core collection installation on root partition uses
         approximately 2G. Partition with 8G-20G is recommended
         for a server or desktop with dedicated ports partition
         or using only compiled packages. Partition size 20G;</p>
 
+
         <pre>
-        (parted) mkpart primary ext4 1132 21132
-        (parted) name 4 root
+        # lvcreate -L 20G -n lv_root vg_system
         </pre>
 
         <h3>/var</h3>
@@ -109,8 +136,7 @@
         system is configured. Partition size 2G;</p>
 
         <pre>
-        (parted) mkpart primary ext4 21132 23132
-        (parted) name 5 var
+        # lvcreate -L 2G -n lv_var vg_system
         </pre>
 
         <h3>Swap (ram)</h3>
@@ -119,27 +145,19 @@
         memory ram, ports system will be configured to build on ram.
         To build firefox is necessary at least 34G. Partition size 4G;</p>
 
-        <p>Is better to create swap partition later using
-        <a href="../tools/lvm.html">lvm</a>.</p>
-
         <pre>
-        (parted) mkpart primary linux-swap 23132 27132
-        (parted) name 6 swap
+        # lvcreate -L 4G -n lv_swap vg_system
         </pre>
 
 
         <h3>/home</h3>
 
-        <p>Home partition on desktop fill the rest of disk
-        space while on server this partition can be unnecessary.
+        <p>On desktop fill the rest of disk space while on server
+        this partition can be replaced with /srv.
         Fill the rest of disk space;</p>
 
-        <p>Is better to create home partition later using
-        <a href="../tools/lvm.html">lvm</a>.</p>
-
         <pre>
-        (parted) mkpart primary ext4 27132 100%
-        (parted) name 7 home
+        # lvcreate -L 120G -n lv_home vg_system
         </pre>
 
         <h3>Create filesystems</h3>
@@ -147,10 +165,10 @@
         <pre>
         $ sudo mkfs.fat -F 32 /dev/sda2
         $ sudo mkfs.ext4      /dev/sda3
-        $ sudo mkfs.ext4      /dev/sda4
-        $ sudo mkfs.ext4      /dev/sda5
-        $ sudo mkswap	      /dev/sda6
-        $ sudo mkfs.ext4      /dev/sda7
+        $ sudo mkfs.ext4      /dev/vg_system/lv_root
+        $ sudo mkfs.ext4      /dev/vg_system/lv_var
+        $ sudo mkswap	      /dev/vg_system/lv_swap
+        $ sudo mkfs.ext4      /dev/vg_system/lv_home
         </pre>
 
         <h2 id="step3">1.1.3. Prepare Install</h2>
@@ -161,19 +179,19 @@
         <a href="scripts/setup-core.sh">setup-core.sh</a>
         configure host metadata and setup ports;</p>
 
-	<p>Export target root partition;</p>
+        <p>Export target root partition;</p>
 
-	<pre>
-	$ export BLK_ROOT=/dev/sda
-	</pre>
+        <pre>
+        $ export BLK_ROOT=/dev/vg_system/lv_root
+        </pre>
 
-	<p>Export target root directory you want to install;</p>
+        <p>Export target root directory you want to install;</p>
 
         <pre>
         $ export CHROOT=/mnt
         </pre>
 
-	<p>If you are installing to a directory and not partitions you don't need to mount;</p>
+        <p>If you are installing to a directory and not partitions you don't need to mount;</p>
 
         <pre>
         $ sudo mount $BLK_ROOT $CHROOT
@@ -192,11 +210,11 @@
         $ sudo mkdir -p $CHROOT/tmp
         $ sudo mkdir -p $CHROOT/proc
         $ sudo mkdir -p $CHROOT/sys
-	</pre>
+        </pre>
 
-	<p>If partition layout is different or target is a directory is not necessary to mount, create only the directories;</p>
+        <p>If partition layout is different or target is a directory is not necessary to mount, create only the directories;</p>
 
-	<pre>
+        <pre>
         $ sudo mount $BLK_BOOT $CHROOT/boot
         $ sudo mkdir -p $CHROOT/boot/efi
         $ sudo mount $BLK_EFI $CHROOT/boot/efi
@@ -297,6 +315,17 @@
         pkgadd /usr/ports/packages/efivar#*
         pkgadd /usr/ports/packages/efibootmgr#*
         pkgadd /usr/ports/packages/dosfstools#*
+        pkgadd /usr/ports/packages/ported#*
+        pkgadd /usr/ports/packages/libgcrypt#*
+        pkgadd /usr/ports/packages/cryptsetup#*
+        pkgadd /usr/ports/packages/popt#*
+        pkgadd /usr/ports/packages/libgpg-error#*
+        pkgadd /usr/ports/packages/libevent#*
+        pkgadd /usr/ports/packages/libtirpc#*
+        pkgadd /usr/ports/packages/git#*
+        pkgadd /usr/ports/packages/tmux#*
+        pkgadd /usr/ports/packages/prt-utils#*
+        pkgadd /usr/ports/packages/elfutils#*
         </pre>
 
         <pre>
@@ -344,7 +373,7 @@
 
         <a href="index.html">Core OS Index</a>
         <p>This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
-- 
cgit 1.4.1-2-gfad0