kkrruumm / void-install-script

Shell script installer for Void Linux
BSD 3-Clause "New" or "Revised" License

zfs option request #6

Open tonecaster opened 2 months ago

tonecaster commented 2 months ago

Thank you for your great script! Is there any chance you could add a ZFS option to the install? I believe this could make you a true star in the linux, void-linux community. I've installed mine from a script I put together after many days of trials and errors and have been running this amazing very stable system for the last 2 years... My aim is to install an encrypted ZFS rooted void xfce with all its goodies and i3 as its WM on a new machine I'm buying with an amazing WYSIWYG install script like yours, if possible.

Thanks for the attention!

kkrruumm commented 2 months ago

ZFS is definitely planned at some point, though this installer has taken a bit of a backseat in favor of other projects I am currently part of unfortunately.

The best way to have ZFS here is to open a pull request adding what you would like; after review, I'm open to merging from others.

I think the best way to go about ZFS support would be zfsbootmenu as the only supported option, which will allow you to use ZFS native encryption rather than luks, in which case the installer should be run from the hrmpf image here: https://github.com/leahneukirchen/hrmpf

I will look into it, but I can't tell you when this will be completed.

tonecaster commented 2 months ago

Thanks for your response! As I've mentioned, I've been running void zfs on my system with the script I put together and the hrmpf way is the road I took at the time... But I've always wanted a graphic installer like yours, or like the now defunct Trident Linux for that and it'd be great to have it...

Once again thanks!

zenodotus280 commented 4 days ago

I created a ZFS-BM install script that follows the official instructions as closely as possible. I'll make it available soon and perhaps we can dovetail them together?

kkrruumm commented 4 days ago

@zenodotus280 that sounds good, what i would appreciate the most is a pull request, i'm having issues finding time to add major features like that, i just got around to adding UKI support despite having daily driven it for months-

if you'd like to create a pull request, i'm more than willing to look over it and merge.

otherwise, after making it public, i'll do what i can to get this feature added, i hadn't meant to leave this issue open for so long :p

zenodotus280 commented 4 days ago

Okay - mine is only about 300 lines long so I can probably strip out the ZBM-specific commands and fit them into yours. Probably won't get around to this for a few weeks or more... you know how it goes ;)

kkrruumm commented 4 days ago

that sounds pretty clean, but we also need to figure out what we're going to do with encryption

i've never tried ZBM, but if we can use luks instead of zfs native encryption i would prefer that, i don't have much faith in zfs native encryption at the moment after having looked into it for the past few months

let me know once yours goes public and i'll take a look around

tonecaster commented 4 days ago

Hi guys! This is sounding good! I've been using zfs native encryption on my void linux for more than 2 years now without a glitch. Very stable, secure and fast! Can't recommend it enough... Thanks for the time and effort you put into this...

kkrruumm commented 4 days ago

i'm less concerned with stability (ZFS has proven itself plenty stable) and more concerned with how zfs with encryption leaks metadata, there's no way to detach headers of course, and the number of issues that are still open related to specifically encryption

do check the "Caveats" part of this wiki page: https://wiki.gentoo.org/wiki/ZFS

i'm not entirely opposed to using zfs native encryption, just need to make sure this is handled correctly

as for boot chain security, it seems like ZFSBM is more or less just a UKI with a TUI and tools to handle ZFS, i like this a lot

i run secure boot with my own setups, protecting just the UKI, that being the only file actually exposed unencrypted on my disk, so i'd like to take into account similar setups with ZFSBM if possible