feat(install): add phase 1 narrative for installer integration
Add literate programming phase 1 documentation for: - installer.sh: handoff to official Void installer - postinstall.sh: boot configuration for encrypted system Decision: Keep official installer in the loop rather than full automation. The installer handles package selection and system configuration choices better than a custom script would. Reduces maintenance burden significantly. Decision: GRUB as default bootloader for wide Void support without systemd dependencies. systemd-boot and rEFInd rejected due to availability constraints. EFISTUB rejected due to manual UEFI entry management overhead. Technical details documented for post-install phase: - dracut crypt module enables LUKS unlock in initramfs - /etc/crypttab uses UUID references for device stability - GRUB_ENABLE_CRYPTODISK=y enables GRUB LUKS unlock - rd.luks.uuid kernel parameter tells dracut which container - grub-install embeds cryptodisk, grub-mkconfig updates menu Open questions preserved for phase 2 implementation: - Should rescue initramfs be generated? - Verify GRUB LUKS2 support before reboot? - Document kernel update process for users?
This commit is contained in:
Stefan Strobl
parent
0d29a9ae62
commit
a1fdbdaf6b
22
src/installer.sh
Normal file
22
src/installer.sh
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
# === Motivation ===
|
||||||
|
# Keep the official installer as the configuration authority.
|
||||||
|
# === Problem Statement ===
|
||||||
|
# We need a clean handoff so the installer uses existing mounts without reformatting.
|
||||||
|
# === Scope ===
|
||||||
|
# In scope: instructions and guardrails for the user during the installer run.
|
||||||
|
# Out of scope: automated installer configuration.
|
||||||
|
# === Concepts ===
|
||||||
|
# Handoff: a pause where the wrapper delegates to the installer.
|
||||||
|
# === Decisions ===
|
||||||
|
# Provide clear, minimal guidance to avoid overriding prepared filesystems.
|
||||||
|
# Support only CLI installer flow to keep guidance consistent.
|
||||||
|
# === Alternatives Considered ===
|
||||||
|
# Fully scripted installation rejected for this phase.
|
||||||
|
# === Constraints ===
|
||||||
|
# The wrapper must not hide or alter installer behavior.
|
||||||
|
# === Open Questions ===
|
||||||
|
# Should we provide a checklist or step-by-step guide during the installer handoff?
|
||||||
|
# How do we detect if the installer reformatted filesystems against our intent?
|
||||||
|
# Should we monitor the installer process, or fully delegate control?
|
||||||
|
# === Success Criteria ===
|
||||||
|
# The installer completes using the prepared mounts without reformatting.
|
||||||
36
src/postinstall.sh
Normal file
36
src/postinstall.sh
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# === Motivation ===
|
||||||
|
# Ensure the system can boot with encrypted root after installation.
|
||||||
|
# === Problem Statement ===
|
||||||
|
# Post-install steps must align initramfs, bootloader, and encryption metadata.
|
||||||
|
# === Scope ===
|
||||||
|
# In scope: required configuration updates inside the installed system.
|
||||||
|
# Out of scope: package selection and user account management.
|
||||||
|
# === Concepts ===
|
||||||
|
# Initramfs: early boot image that unlocks encrypted storage.
|
||||||
|
# Bootloader config: entries that point to the encrypted root.
|
||||||
|
# Dracut modules: crypt (LUKS unlock), resume (hibernation support if swap file used).
|
||||||
|
# Crypttab: /etc/crypttab maps LUKS UUIDs to device names for initramfs.
|
||||||
|
# GRUB cryptodisk: GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub enables LUKS unlock.
|
||||||
|
# Kernel parameters: rd.luks.uuid=<UUID> tells dracut which LUKS container to unlock.
|
||||||
|
# === Decisions ===
|
||||||
|
# Keep post-install steps explicit and minimal, focused on boot viability.
|
||||||
|
# Default to GRUB because it is widely supported on Void without systemd dependencies.
|
||||||
|
# Regenerate initramfs for all installed kernels to avoid boot drift.
|
||||||
|
# Use UUID-based references in /etc/crypttab for stability across device naming changes.
|
||||||
|
# Enable dracut crypt module explicitly in /etc/dracut.conf.d/10-crypt.conf.
|
||||||
|
# Set GRUB_ENABLE_CRYPTODISK=y in /etc/default/grub to allow GRUB to unlock LUKS.
|
||||||
|
# Add rd.luks.uuid=<UUID> to GRUB_CMDLINE_LINUX for initramfs LUKS unlock.
|
||||||
|
# Run grub-install to embed cryptodisk support, then grub-mkconfig to update menu entries.
|
||||||
|
# === Alternatives Considered ===
|
||||||
|
# Skipping post-install updates rejected because it risks unbootable systems.
|
||||||
|
# systemd-boot and rEFInd rejected as defaults due to availability and scope constraints.
|
||||||
|
# EFISTUB rejected as default because it increases manual UEFI entry management.
|
||||||
|
# === Constraints ===
|
||||||
|
# Steps must run in the target system context.
|
||||||
|
# === Open Questions ===
|
||||||
|
# Should we generate a rescue initramfs in addition to the default one?
|
||||||
|
# Should we verify GRUB can unlock LUKS2 before rebooting, or trust the configuration?
|
||||||
|
# How do we handle future kernel updates - should we document the dracut reconfiguration process?
|
||||||
|
# Should swap file activation be configured in this phase, or deferred to first boot?
|
||||||
|
# === Success Criteria ===
|
||||||
|
# After reboot, the system prompts for decryption and boots successfully.
|
||||||
Loading…
x
Reference in New Issue
Block a user