From 48ab49c9ee8556c73a05adcb33291999619c34db Mon Sep 17 00:00:00 2001 From: Luc Date: Fri, 21 Feb 2025 23:32:06 +0100 Subject: [PATCH] docs/alpine-server-setup/installation.md: change tank to rpool and update w.rt. zlevis 2.0 --- docs/alpine-server-setup/installation.md | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/docs/alpine-server-setup/installation.md b/docs/alpine-server-setup/installation.md index cf7666c..0d43ca6 100644 --- a/docs/alpine-server-setup/installation.md +++ b/docs/alpine-server-setup/installation.md @@ -5,16 +5,16 @@ To install the Alpine Linux distribution on the system, the datasets of the syst First import and decrypt the system pool: ``` -# zpool import -N -R /mnt tank -# zfs load-key -L file:///tmp/tank.key tank +# zpool import -N -R /mnt rpool +# zfs load-key -L file:///tmp/rpool.key rpool ``` Mount the datasets in the system pool and decrypt the home dataset: ``` -# mount tank/root/alpine /mnt -t zfs -o noatime -# zfs mount tank/home -# zfs mount tank/var +# mount rpool/root/alpine /mnt -t zfs -o noatime +# zfs mount rpool/home +# zfs mount rpool/var ``` Mount the ESP: @@ -106,10 +106,12 @@ features="... zlevis" disable_trigger="yes" ``` +> The `mkinitfs` package that supports `zlevis` is as of this moment not yet in the alpine package repository, for the relevant steps see the [zlevis mkinitfs-implementation wiki](https://git.bijl.us/luc/zlevis/wiki/mkinitfs-implementation). + The most important step is the creation of a UKI using `secureboot-hook` which also automatically signs them. Configure `/etc/kernel-hooks.d/secureboot.conf` to set kernel cmdline options and secureboot: ``` -cmdline="rw root=ZFS=tank/root/alpine rootflags=noatime quiet splash" +cmdline="rw root=ZFS=rpool/root/alpine rootflags=noatime quiet splash" signing_cert="/var/lib/sbctl/keys/db/db.pem" signing_key="/var/lib/sbctl/keys/db/db.key" @@ -130,13 +132,7 @@ Use `sbctl` to create secureboot keys and sign them: Set the cache-file of the ZFS pool: ``` -# zpool set cachefile=/etc/zfs/zpool.cache tank -``` - -Now to see if everything went successfully, run: - -``` -# apk fix kernel-hooks +# zpool set cachefile=/etc/zfs/zpool.cache rpool ``` Now to see if everything went successfully, run: @@ -177,6 +173,6 @@ Now exit the chroot and you should be able to reboot into a working Alpine syste ``` # exit # umount -lf /mnt -# zpool export tank +# zpool export rpool # reboot ``` \ No newline at end of file