From a2186d64d476b6754172dd2c516ecb758caea6eb Mon Sep 17 00:00:00 2001 From: Saverio Miroddi Date: Mon, 27 Apr 2020 16:42:45 +0200 Subject: [PATCH 1/6] README: Simplify Ubuntu Server instructions Since Subiquity is not directly invoked anymore, the standard command can be restored. See previous commit 72f8e08c292700eb0877f6e4585bec33f70ef648 for an explanation. --- README.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index 07b487d..05e6062 100644 --- a/README.md +++ b/README.md @@ -55,14 +55,7 @@ GET https://git.io/JelI5 | sudo bash - then follow the instructions; halfway through the procedure, the GUI installer of the O/S will be launched. -### Ubuntu Server - -Ubuntu Server requires a slightly different execution procedure: - -- when the installer welcome screen shows up, tap `Ctrl+Alt+F2`, -- then type `sudo -- bash -c "$(curl -L https://git.io/JelI5)"`. - -the rest is the same as the generic procedure. +In order to open a terminal on Ubuntu Server, tap `Ctrl+Alt+F2`. ### Unsupported systems/Issues From f5515e5e26dee344afd0da3da854ff933e4dc3e7 Mon Sep 17 00:00:00 2001 From: Sergey Zapunidi Date: Mon, 27 Apr 2020 19:38:18 +0300 Subject: [PATCH 2/6] Fixed missing deb packet rsync in jail --- install-zfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-zfs.sh b/install-zfs.sh index 49f493a..27969cf 100755 --- a/install-zfs.sh +++ b/install-zfs.sh @@ -989,7 +989,7 @@ APT' chroot_execute "apt update" chroot_execute 'echo "zfs-dkms zfs-dkms/note-incompatible-licenses note true" | debconf-set-selections' - chroot_execute "apt install --yes zfs-initramfs zfs-dkms grub-efi-amd64-signed shim-signed" + chroot_execute "apt install --yes rsync zfs-initramfs zfs-dkms grub-efi-amd64-signed shim-signed" } function install_jail_zfs_packages_elementary { From 8f76b4a47d1a01c10ba576053cc1cdd0289c32df Mon Sep 17 00:00:00 2001 
From: Sergey Zapunidi Date: Tue, 28 Apr 2020 12:07:43 +0300 Subject: [PATCH 3/6] Fixed missing efibootmgr deb packet outside jail --- install-zfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-zfs.sh b/install-zfs.sh index 27969cf..14f9237 100755 --- a/install-zfs.sh +++ b/install-zfs.sh @@ -518,7 +518,7 @@ function install_host_packages_Debian { echo "deb http://deb.debian.org/debian buster-backports main contrib" >> /etc/apt/sources.list apt update - apt install --yes -t buster-backports zfs-dkms + apt install --yes -t buster-backports zfs-dkms efibootmgr modprobe zfs fi From e6ef0b0830ff4a1722f72f762e36864e361cd119 Mon Sep 17 00:00:00 2001 From: Saverio Miroddi Date: Tue, 28 Apr 2020 21:32:53 +0200 Subject: [PATCH 4/6] README: Simplify installation command The `-` is not needed! --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 05e6062..1988bde 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ The disadvantages are: Start the live CD of a supported Linux distribution, then open a terminal and execute: ```sh -GET https://git.io/JelI5 | sudo bash - +GET https://git.io/JelI5 | sudo bash ``` then follow the instructions; halfway through the procedure, the GUI installer of the O/S will be launched. From 2c85edda0c8e5371ab895961edcd176357e6d346 Mon Sep 17 00:00:00 2001 From: Saverio Miroddi Date: Tue, 28 Apr 2020 21:33:21 +0200 Subject: [PATCH 5/6] Use a named pipe for the ZFS passphrase This brings the significant advantage that the ZFS pool creation command can be logged! --- install-zfs.sh | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/install-zfs.sh b/install-zfs.sh index 2a36d6b..86e6416 100755 --- a/install-zfs.sh +++ b/install-zfs.sh 
@@ -19,10 +19,14 @@ v_linux_distribution= # Debian, Ubuntu, ... WATCH OUT: not necessarily fr v_zfs_08_in_repository= # 1=true, false otherwise (applies only to Ubuntu-based) # Variables set (indirectly) by the user +# +# The passphrase has a special workflow - it's sent to a named pipe (see create_passphrase_named_pipe()). +# Also note that `ZFS_PASSPHRASE` considers the unset state (see help). +# The same strategy can possibly be used for `v_root_passwd` (the difference being that is used +# inside a jail); logging the ZFS commands is enough, for now. v_bpool_name= v_bpool_tweaks= # array; see defaults below for format -v_passphrase= # the corresponding var (ZFS_PASSPHRASE) has special behavior (see below) v_root_password= # Debian-only v_rpool_name= v_rpool_tweaks= # array; see defaults below for format @@ -44,6 +48,7 @@ c_installed_os_data_mount_dir=/target declare -A c_supported_linux_distributions=([Debian]=10 [Ubuntu]="18.04 20.04" [UbuntuServer]="18.04 20.04" [LinuxMint]=19 [elementary]=5.1) c_boot_partition_size=768M # while 512M are enough for a few kernels, the Ubuntu updater complains after a couple c_temporary_volume_size=12G # large enough; Debian, for example, takes ~8 GiB. +c_passphrase_named_pipe=$(dirname "$(mktemp)")/zfs-installer.pp.fifo c_log_dir=$(dirname "$(mktemp)")/zfs-installer c_install_log=$c_log_dir/install.log @@ -368,6 +373,17 @@ function find_zfs_package_requirements_Debian { : } +# By using a FIFO, we avoid having to hide statements like `echo $v_passphrase | zpoool create ...` +# from the logs. +# +# The FIFO file is left in the filesystem after the script exits. It's not worth taking care of +# removing it, since the environment is entirely ephemeral. +# +function create_passphrase_named_pipe { + rm -f "$c_passphrase_named_pipe" + mkfifo "$c_passphrase_named_pipe" +} + function select_disks { print_step_info_header 
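Review bot: `c_passphrase_named_pipe` (hunk `@@ -44,6 +48,7 @@`) resolves to a fixed, predictable name directly inside the shared temp directory, so the FIFO that later carries the ZFS passphrase sits at a path every local account can reach. The bare `mktemp` call is used only for its dirname and leaves an empty temp file behind on each run. A private directory avoids both problems: `c_passphrase_named_pipe=$(mktemp -d)/zfs-installer.pp.fifo`, since `mktemp -d` creates the directory with owner-only permissions. The `c_log_dir` context line right after it uses the same `dirname "$(mktemp)"` pattern.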
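Review bot: In `create_passphrase_named_pipe`, `mkfifo` runs with the default umask, so the FIFO is probably created readable by other accounts. Whichever process opens it for reading first receives the passphrase that `ask_encryption` writes in the background. Creating it owner-only closes that gap: `mkfifo -m 600 "$c_passphrase_named_pipe"`. Neither `rm -f` nor `mkfifo` is checked, and whether a failure aborts the script depends on shell options set outside this hunk, so an explicit check on the `mkfifo` result would make the failure path certain. The header comment also misspells the command as `zpoool`.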
@@ -427,23 +443,25 @@ function ask_root_password_Debian { function ask_encryption { print_step_info_header + local passphrase= + set +x if [[ -v ZFS_PASSPHRASE ]]; then - v_passphrase=$ZFS_PASSPHRASE + passphrase=$ZFS_PASSPHRASE else local passphrase_repeat=_ local passphrase_invalid_message= - while [[ $v_passphrase != "$passphrase_repeat" || ${#v_passphrase} -lt 8 ]]; do + while [[ $passphrase != "$passphrase_repeat" || ${#passphrase} -lt 8 ]]; do local dialog_message="${passphrase_invalid_message}Please enter the passphrase (8 chars min.): Leave blank to keep encryption disabled. " - v_passphrase=$(whiptail --passwordbox "$dialog_message" 30 100 3>&1 1>&2 2>&3) + passphrase=$(whiptail --passwordbox "$dialog_message" 30 100 3>&1 1>&2 2>&3) - if [[ -z $v_passphrase ]]; then + if [[ -z $passphrase ]]; then break fi @@ -453,6 +471,8 @@ Leave blank to keep encryption disabled. done fi + echo -n "$passphrase" > "$c_passphrase_named_pipe" & + set -x } @@ -826,16 +846,23 @@ function custom_install_operating_system { function create_pools { # POOL OPTIONS ####################### + local passphrase local encryption_options=() local rpool_disks_partitions=() local bpool_disks_partitions=() set +x - if [[ -n $v_passphrase ]]; then + passphrase=$(cat "$c_passphrase_named_pipe") + + if [[ -n $passphrase ]]; then encryption_options=(-O "encryption=on" -O "keylocation=prompt" -O "keyformat=passphrase") fi + # Push back for unlogged reuse. Minor inconvenience, but worth :-) + # + echo -n "$passphrase" > "$c_passphrase_named_pipe" & + set -x for selected_disk in "${v_selected_disks[@]}"; do 
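Review bot: `echo -n "$passphrase"` at the end of `ask_encryption` (hunk `@@ -453,6 +471,8 @@`) misreads a passphrase that looks like an echo option. Bash's builtin treats an argument such as `-eeeeeee` as flags and writes nothing to the FIFO. `printf '%s' "$passphrase" > "$c_passphrase_named_pipe" &` passes the value through unchanged. The push-back line added to `create_pools` in hunk `@@ -826,16 +846,23 @@` has the same form and needs the same replacement. Separately, the backgrounded writer stays blocked holding the passphrase until something reads the FIFO, so if the script has an exit handler (not visible here) it should terminate that job.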
@@ -859,13 +886,11 @@ function create_pools { # # Stdin is ignored if the encryption is not set (and set via prompt). # - set +x - echo -n "$v_passphrase" | zpool create \ + cat "$c_passphrase_named_pipe" | zpool create \ "${encryption_options[@]}" \ "${v_rpool_tweaks[@]}" \ -O devices=off -O mountpoint=/ -R "$c_zfs_mount_dir" -f \ "$v_rpool_name" $pools_mirror_option "${rpool_disks_partitions[@]}" - set -x # `-d` disable all the pool features (not used here); # @@ -1260,6 +1285,7 @@ check_prerequisites display_intro_banner find_suitable_disks find_zfs_package_requirements +create_passphrase_named_pipe select_disks distro_dependent_invoke "ask_root_password" --noforce From 8c2b572a7556854112e44acc18711a8bab9c0107 Mon Sep 17 00:00:00 2001 From: Saverio Miroddi Date: Tue, 28 Apr 2020 22:13:12 +0200 Subject: [PATCH 6/6] Add running processes to logs Most solid (and simplest) way to gather the running desktop environment. --- install-zfs.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/install-zfs.sh b/install-zfs.sh index 4da5f51..d05117f 100755 --- a/install-zfs.sh +++ b/install-zfs.sh @@ -53,6 +53,7 @@ c_passphrase_named_pipe=$(dirname "$(mktemp)")/zfs-installer.pp.fifo c_log_dir=$(dirname "$(mktemp)")/zfs-installer c_install_log=$c_log_dir/install.log c_os_information_log=$c_log_dir/os_information.log +c_running_processes_log=$c_log_dir/running_processes.log c_disks_log=$c_log_dir/disks.log c_zfs_module_version_log=$c_log_dir/updated_module_versions.log @@ -214,6 +215,7 @@ function store_os_distro_information { # Madness, in order not to force the user to invoke "sudo -E". # Assumes that the user runs exactly `sudo bash`; it's not a (current) concern if the user runs off specification. + # Not found when running via SSH - inspect the processes for finding this information. # perl -lne 'BEGIN { $/ = "\0" } print if /^XDG_CURRENT_DESKTOP=/' /proc/"$PPID"/environ >> "$c_os_information_log" } 
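Review bot: The `cat "$c_passphrase_named_pipe" | zpool create \` pipeline in `create_pools` puts an extra process between the FIFO and `zpool`. A stdin redirect does the same job without routing the passphrase through `cat`: drop the `cat … |` prefix and end the command with `"${rpool_disks_partitions[@]}" < "$c_passphrase_named_pipe"`. With the `set +x`/`set -x` pair removed, the xtrace output for this command still contains only the FIFO path, so the logging goal of the commit is unaffected. `create_pools` starts and ends outside this hunk.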
@@ -224,6 +226,13 @@ function store_os_distro_information_Debian { echo "DEBIAN_VERSION=$(cat /etc/debian_version)" >> "$c_os_information_log" } +# Simplest and most solid way to gather the desktop environment (!). +# See note in store_os_distro_information(). +# +function store_running_processes { + ps ax --forest > "$c_running_processes_log" +} + function check_prerequisites { print_step_info_header @@ -1281,6 +1290,7 @@ fi activate_debug set_distribution_data distro_dependent_invoke "store_os_distro_information" +store_running_processes check_prerequisites display_intro_banner find_suitable_disks
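Review bot: `ps ax --forest` in `store_running_processes` writes the full command line of every process to `$c_running_processes_log`, so any secret that another process received as an argument ends up in a log file under the temp directory. The stated goal is only to identify the desktop environment, and process names are enough for that: `ps ax --forest -o pid,comm > "$c_running_processes_log"`. If the full arguments are wanted for debugging, add a comment on the function saying the log may contain sensitive arguments and should be reviewed before it is shared. Whether these logs are uploaded or attached to bug reports is not visible in this diff.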