From 2c65ba83603ff4508cee7d396d24063ca943ba79 Mon Sep 17 00:00:00 2001 From: Tastatur Date: Sun, 24 Dec 2023 00:38:47 +0100 Subject: [PATCH] Created initial Alpine-Desktop-Setup documentation --- .../installation/installation.md | 147 ++++++++++++++++++ .../installation/provisioning.md | 60 +++++++ 2 files changed, 207 insertions(+) diff --git a/docs/alpine-desktop-setup/installation/installation.md b/docs/alpine-desktop-setup/installation/installation.md index e69de29..f6101b2 100644 --- a/docs/alpine-desktop-setup/installation/installation.md +++ b/docs/alpine-desktop-setup/installation/installation.md 
@@ -0,0 +1,147 @@ +# Installation + +To install the Alpine Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system. + +``` +# mount /dev/vg0/alproot /mnt -t ext4 +# mkdir /mnt/boot/efi -p +# mount /dev/disk/by-label/efi /mnt/boot/efi +``` + +Then set up the base system using `setup-disk`: + +``` +# setup-disk -m sys /mnt +``` + +This will also add grub as bootloader which is going to be replaced on this system but for now it will reside on the boot partition. + +Now the other directories are going to be mounted so that it's possible to chroot into the system: + +``` +# for i in dev proc sys run; do +> mount --rbind --make-rslave /$i /mnt/$i +> done +# chroot /mnt +``` + +The other "setup" scripts can be used to configure key aspects of the system. + +``` +# setup-hostname +# setup-keymap us us-euro +# setup-timezone -i / +# passwd root +``` + +Edit `/etc/fstab` for correct mounts. + +``` +tmpfs /tmp tmpfs nosuid,nodev 0 0 +efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0 +/dev/vg0/alproot / ext4 defaults,noatime 0 1 +/dev/vg0/alphome /home ext4 defaults,noatime 0 1 +/dev/disk/by-label/efi /boot/efi vfat defaults 0 2 +``` + +By default Alpine Linux uses `mkinitfs` to create initramfs, although it's minimal that also means that it lacks some functionality which is needed for a proper setup. +Because of this `mkinitfs` and `grub-efi `will be replaced with `booster` and `secureboot-hook`. + +``` +# apk add booster secureboot-hook sbctl +# apk del mkinitfs grub-efi +``` + +To configure booster edit `/etc/booster.yaml`: + +``` +busybox: true +modules: vfat,nls_cp437,nls_iso8859_1 +enable_lvm: true +``` + +The most important step is the creation of uki's using `secureboot-hook` which also automatically signs them. 
First the hook itself will have to be tweaked to use `booster` instead of `mkinitfs`, edit `/usr/share/kernel-hooks.d/secureboot.hook` and change the line: + +``` +/sbin/mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR" +``` + +To: + +``` +/usr/bin/booster build "$tmpdir"/initramfs --kernel-version "$NEW_VERSION-$FLAVOR" +``` + +And configure `/etc/kernel-hooks.d/secureboot.conf` for cmdline and secureboot. + +``` +cmdline="rw rd.luks.name==root root=/dev/vg0/alproot modules=ext4 quiet splash rd.lvm.vg=vg0" + +signing_cert="/usr/share/secureboot/keys/db/db.pem" +signing_key="/usr/share/secureboot/keys/db/db.key" + +output_dir="/boot/efi/EFI/Linux" + +output_name="alpine-linux-{flavor}.efi" +``` + +Here `` has to be replaced with the uuid of the partition which contains our volume group: + +``` +# blkid -o value -s UUID /dev/ >> /etc/kernel-hooks.d/secureboot.conf +``` + +All that's left for booting is secureboot which `sbctl` will be used for to create keys, and sign some executables with. + + +``` +# sbctl create-keys +# sbctl enroll-keys +# sbctl sign -s /boot/efi/EFI/Boot/BOOTX64.EF +... +``` + +> Don't forget to set secureboot to setup mode during boot (although this can be done later too)! + +Now to see if everything went succesfully run: + +``` +# apk fix kernel-hooks +``` + +And it should give no warnings if done properly. + +Before finishing up the installation `networkmanager` will be install for networking. + +``` +# apk add networkmanager +# setup-devd udev +# apk add networkmanager-wifi +# rc-update add networkmanager default +``` + +Wifi will not yet work but this is will be done later on. + +To make our lives easier we'll also install `gummiboot` as a bootloader. + +``` +# apk add gummiboot +# gummiboot install +# sbctl sign -s /boot/efi/EFI/gummiboot/gummibootx64.efi +``` + +And also remove some junk left over by grub. 
+ +``` +# rm -rf /boot/efi/EFI/alpine +``` + +Now exit out of the chroot and you should be able to reboot into a working Alpine system. + +``` +# exit +# umount -lf /mnt +# reboot now +``` + +> Do note that "Linux Boot Manager" will have to be set to load first in your bios. diff --git a/docs/alpine-desktop-setup/installation/provisioning.md b/docs/alpine-desktop-setup/installation/provisioning.md index e69de29..f0d814e 100644 --- a/docs/alpine-desktop-setup/installation/provisioning.md +++ b/docs/alpine-desktop-setup/installation/provisioning.md 
@@ -0,0 +1,60 @@ +# Provisioning + +The first thing to do is to partition a disk. For this internet is required because `gptfdisk` only available in the repositories and is not included on the extended Iso. + +To set it up we'll use `setup-interfaces` and `setup-apkrepos`. + +``` +# setup-interfaces -ar +# setup-apkrepos -c1 +``` + +Because the Alpine Linux Iso is pretty minimal a few packages will have to be installed first: + +``` +# apk add cryptsetup lvm2 lsblk e2fsprogs gptfdisk +``` + +The drive should be partitioned using `gdisk` (or `cfdisk`). It should have atleast two partitions with one `EFI System` Partition and one `Linux filesystem` partition and look something like this: + +| Number of partition | Size | Type | +|:-----:|:-----:|:-----:| +| 1 | 512 MB or more | EFI System | +| 2 | Rest of the drive | Linux filesystem | + +Then to create the filesystem on the efi partition. + +``` +# mkfs.fat -F 32 -n efi /dev/ +``` + +And the encrypted filesystem on the root partition. + +``` +# cryptsetup luksFormat /dev/ --type luks2 --label luks +# cryptsetup open --type luks /dev/ pv0 +``` + +Now to create a new LVM volume group: + +``` +# vgcreate vg0 /dev/mapper/pv0 +``` + +To create partitions inside the volume group: + +``` +# lvcreate --name alproot -L 64G vg0 +# lvcreate --name alphome -l 100%FREE vg0 +``` + +Now the home partition fills the entirety of the volume group. These sizes should be changed depending on the needs of the user. + +To create the filesystems on the logical partitions: + +``` +# mkfs.ext4 -L alpine-root /dev/vg0/alproot +# mkfs.ext4 -L alpine-home /dev/vg0/alphome +``` + +Other filesystems can also be used but `ext4` is the standard for most linux distrobutions.
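Review bot: in `installation.md`, the `secureboot.conf` step leaves the reader with an incomplete kernel command line. The `cmdline` shown reads `rd.luks.name==root` with nothing where the UUID belongs, the sentence after it has an empty placeholder, and `blkid -o value -s UUID /dev/ >> /etc/kernel-hooks.d/secureboot.conf` appends the UUID as a bare line at the end of the file rather than into `cmdline`. Suggest a visible placeholder in both places, a named device in the `blkid` call, and a sentence telling the reader to move the appended value into `rd.luks.name=` and delete the stray line. Three smaller points in the same hunk: `sbctl sign -s /boot/efi/EFI/Boot/BOOTX64.EF` looks truncated at `.EF`; the setup-mode note sits after `sbctl enroll-keys` although enrolling keys needs the firmware in setup mode, so it should move above the `sbctl` block; and the edit to `/usr/share/kernel-hooks.d/secureboot.hook` changes a packaged file, so the text should warn that an upgrade of `secureboot-hook` can restore the `mkinitfs` line after `mkinitfs` has been removed. Wording: "successfully", "will be installed", "this will be done later on".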
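Review bot: in `provisioning.md`, the three destructive commands (`mkfs.fat -F 32 -n efi /dev/`, `cryptsetup luksFormat /dev/ --type luks2 --label luks` and `cryptsetup open --type luks /dev/ pv0`) show a bare `/dev/` as the target, so the reader cannot tell which partition each one applies to. Suggest a visible placeholder for the EFI System partition and another for the Linux filesystem partition from the table, plus an `lsblk` step before formatting to confirm the target (`lsblk` is already in the `apk add` line). `luksFormat` passes `--type luks2` while `open` passes `--type luks`; using the same value in both would read more consistently. Wording: "is only available", "at least", "ISO", "distributions".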