diff --git a/setup.sh b/setup.sh
index b78ae0a..5dc71d8 100644
--- a/setup.sh
+++ b/setup.sh
@@ -152,21 +152,32 @@ function set_zpool_password () {
 function import_pool () {
 zpool import -d '/dev/disk/by-partuuid' -R '/mnt' "${zpool_name}" -N -f
- zfs load-key "${zpool_name}"
+ [[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && zfs load-key "${zpool_name}"
 }
 function create_pool () {
 # Create a temporary pool that is not cached
+ #
+ # Add zfsprops 'compression' unless environment variable
+ # ARCHZBM_ZFSPROPS_NO_COMPRESSION is set to any value.
+ #
+ # Add zfsprops 'encryption' along with 'keyformat' and a 'keylocation'
+ # unless environment variable ARCHZBM_ZFSPROPS_NO_ENCRYPTION is set to
+ # any value.
 zpool create -f \
 -o 'ashift=12' \
 -o 'autotrim=on' \
 -O 'acltype=posix' \
- -O 'compression=on' \
+ $([[ ! "${ARCHZBM_ZFSPROPS_NO_COMPRESSION}" ]] && \
+ printf -- '%s ' \
+ '-O compression=on') \
 -O 'relatime=on' \
 -O 'xattr=sa' \
- -O 'encryption=on' \
- -O 'keyformat=passphrase' \
- -O 'keylocation=file:///etc/zfs/'"${zpool_name}"'.key' \
+ $([[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && \
+ printf -- '%s ' \
+ '-O encryption=on' \
+ '-O keyformat=passphrase' \
+ '-O keylocation=file:///etc/zfs/'"${zpool_name}"'.key') \
 -O 'normalization=formD' \
 -O 'mountpoint=none' \
 -O 'canmount=off' \
@@ -202,7 +213,7 @@ function setup_zpool () {
 zpool_drive="$(select_part 'zfs')"
 drive_by_id="$(get_drive_id "${zpool_drive}")"
- set_zpool_password
+ [[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && set_zpool_password
 if no_zpool_exists; then
 create_pool "${drive_by_id}"
 create_root_dataset
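Review bot: `import_pool` now ends with `[[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && zfs load-key "${zpool_name}"`, so when the variable is set the test fails and the function itself returns 1 even though the import succeeded. If the script runs under `set -e` (not visible in this diff) or a caller checks the status, an install with encryption disabled would stop at this point. The same trailing `[[ … ]] && …` form closes `add_zfs_hook_to_initramfs` in the third hunk. An explicit conditional avoids this and also tolerates `set -u`: `if [[ -z "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION:-}" ]]; then zfs load-key "${zpool_name}"; fi`.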
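Review bot: In `setup_zpool`, any non-empty value of `ARCHZBM_ZFSPROPS_NO_ENCRYPTION`, including `0` or `false`, now skips `set_zpool_password`, and the pool is then created unencrypted with no message to the operator. A stray or misunderstood environment variable therefore silently removes data-at-rest protection, so I would at least print a warning on stderr before continuing. Accepting only one explicit value would be stricter still, but that has to change together with the checks in the other hunks. `setup_zpool` starts before and continues after this hunk.

```shell
# … unchanged: zpool_drive / drive_by_id selection …
    if [[ -n "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION:-}" ]]; then
        printf '%s\n' \
            'WARNING: ARCHZBM_ZFSPROPS_NO_ENCRYPTION is set; the pool will be created WITHOUT encryption.' >&2
    else
        set_zpool_password
    fi
# … unchanged: no_zpool_exists branch …
```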
@@ -305,14 +316,17 @@ function set_locale () {
 }
 function add_zfs_hook_to_initramfs () {
- # Add zfs hook, remove fsck hook from initramfs. Also add plain text key
- # file into initramfs since it's living inside an encrypted pool anyway.
+ # Add zfs hook, remove fsck hook from initramfs.
 sed -ri \
- -e 's'$'\x1''^(FILES=)[^\r\n\f]*'$'\x1''\1(/etc/zfs/'"${zpool_name}"'.key)'$'\x1''g' \
 -e 's'$'\x1''(HOOKS=)(.*?[\(| ])(filesystems)([\)| ][^\r\n\f]*)'$'\x1''\1\2zfs \3\4'$'\x1''g' \
 -e 's'$'\x1''((\()(fsck)(\)))'$'\x1''\2\4'$'\x1''g' \
 -e 's'$'\x1''(([[:space:]]+)(fsck)|(fsck)([[:space:]]+))'$'\x1'''$'\x1''g' \
 '/mnt/etc/mkinitcpio.conf'
+ # Also unless encryption's unwanted add plain text key file into
+ # initramfs since it's living inside an encrypted pool anyway.
+ [[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && sed -ri \
+ -e 's'$'\x1''^(FILES=)[^\r\n\f]*'$'\x1''\1(/etc/zfs/'"${zpool_name}"'.key)'$'\x1''g' \
+ '/mnt/etc/mkinitcpio.conf'
 }
 function set_initramfs_build_list () {
@@ -329,7 +343,7 @@ function set_initramfs_build_list () {
 }
 function add_zfs_files_to_new_os () {
- for zfs_file in '/etc/hostid' '/etc/zfs/zpool.cache' '/etc/zfs/'"${zpool_name}"'.key'; do
+ for zfs_file in '/etc/hostid' '/etc/zfs/zpool.cache' $([[ ! "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION}" ]] && printf -- '%s' '/etc/zfs/'"${zpool_name}"'.key'); do
 rsync -av --itemize-changes {'','/mnt'}"${zfs_file}"
 done
 }
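Review bot: The relocated comment in `add_zfs_hook_to_initramfs` still justifies embedding the plain-text key with "it's living inside an encrypted pool anyway", but it does not state what that depends on. The key is readable by anyone who can read the generated initramfs image, so the claim holds only while those images are stored on the encrypted pool; that is presumably true for this layout but is not visible in the diff. I would reword the two comment lines to `# Unless encryption is disabled, embed the plain-text key file in the initramfs.` and `# This is only safe while the generated images stay on the encrypted pool.`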
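Review bot: The `for` list in `add_zfs_files_to_new_os` now takes the key path from an unquoted `$( … )`, so it goes through word splitting and pathname expansion; if `zpool_name` can contain whitespace or glob characters, the loop sees different paths than the quoted literal it replaces. `create_pool` in the first hunk relies on the same splitting to turn `'-O compression=on'` into two arguments, which additionally depends on `IFS`. Building the list in an array keeps every element quoted, and the `zpool create` options can be collected the same way.

```shell
function add_zfs_files_to_new_os () {
    local -a zfs_files=('/etc/hostid' '/etc/zfs/zpool.cache')
    if [[ -z "${ARCHZBM_ZFSPROPS_NO_ENCRYPTION:-}" ]]; then
        zfs_files+=('/etc/zfs/'"${zpool_name}"'.key')
    fi
    for zfs_file in "${zfs_files[@]}"; do
    # … unchanged: rsync call, done …
```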