This doc is generated via Oali. Please do not edit directly.
Increases the size of cow partition to 2G
Update live CD time via NTP
Just pacman -Sy
If reflector was enabled, then it is used to sort the mirrorlist by download rate
Opens mirrorlist using the specified text editor
Installs git onto live CD
Installs linux-hardened later if answered yes
If enabled, creates a single volume group over the system partition, and 3 logical volumes for /, /var, and /home
If encryption is enabled as well, then the volume group is set up inside the encrypted partition
If enabled, encrypts the partition using LUKS v1 (GRUB does not support v2 yet)
User can adjust the iteration time and key size here
If enabled, encrypts the system volume using LUKS v2
Oali will double-check with the user if the BOOT partition was configured to be encrypted but no is picked for the ROOT partition here
The user is allowed to continue with said setup if they wish to, however
User can adjust the iteration time and key size here
User picks from one of the three disk layouts
- Single system disk
- Manual picking
- Single system partition + USB key
Selects disk and/or partitions based on the previously picked disk layout, then partitions the disk(s) based on the choices using parted
Partition sizes are calculated on Oali's side and passed to parted as percentages to ensure the partition boundaries are aligned optimally
If disk layout is single disk, user is asked whether they want to overprovision, and to pick the maximum percentage of disk to be used if so. This is most useful for SSD scenarios where user may wish to overprovision manually.
LUKS, LVM, and file system formatting are set up at this stage when applicable
If LVM is enabled, then the logical volume sizes are as follows
- LV for / - 25% of the volume group or 25.0 GiB (whichever is smaller)
- LV for /var - 25% of the volume group or 250.0 GiB (whichever is smaller)
- LV for /home - 80% of the remaining space of volume group
- Leftover is intended for snapshot volumes
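The sizing rule above worked through as a dry run. This is an added example, not Oali's own code. It assumes "remaining space" means what is left after / and /var are carved out, and the volume group and LV names (vg0, root, var, home) are hypothetical.

```shell
#!/bin/sh
# Added example (not Oali's code): the logical volume sizing rule above, in MiB.
# Assumptions: "remaining space" is what is left after / and /var are carved
# out; the VG/LV names (vg0, root, var, home) are hypothetical.

min() { if [ "$1" -lt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# lv_plan VG_SIZE_MIB -> "ROOT VAR HOME LEFTOVER" (all MiB, rounded down)
lv_plan() {
    vg=$1
    quarter=$((vg * 25 / 100))
    root=$(min "$quarter" $((25 * 1024)))    # 25% of VG, capped at 25 GiB
    var=$(min "$quarter" $((250 * 1024)))    # 25% of VG, capped at 250 GiB
    rest=$((vg - root - var))
    home=$((rest * 80 / 100))                # 80% of what remains
    echo "$root $var $home $((rest - home))" # leftover stays free for snapshots
}

# lvcreate_plan VG_NAME VG_SIZE_MIB -> prints the lvcreate commands, runs nothing
lvcreate_plan() {
    name=$1
    set -- $(lv_plan "$2")
    echo "lvcreate -L ${1}m -n root $name"
    echo "lvcreate -L ${2}m -n var $name"
    echo "lvcreate -L ${3}m -n home $name"
    echo "# ${4} MiB left unallocated for snapshot volumes"
}

# Constructed inputs: a 40 GiB VG (no cap applies) and a 2 TiB VG (both caps apply)
lvcreate_plan vg0 $((40 * 1024))
lvcreate_plan vg0 $((2 * 1024 * 1024))
```

On the 2 TiB volume group both caps apply, so most of the space goes to /home and roughly 355 GiB stays free for snapshots.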
Mount all partitions with root being at /mnt
Invokes genfstab, and comments out entry for /boot if using the USB key disk layout
Sets up keyfile to be embedded into the initramfs
Installs secondary keyfile for /boot if disk layout does not use USB key
The keyfile is referenced in crypttab later
Append a line to crypttab file using the secondary keyfile for /boot, allowing decryption of boot partition after booting
The line is then commented out if disk layout uses USB key
Adds appropriate mkinitcpio hooks based on LUKS and LVM choices specified
Install lvm2 package into system on disk if LVM is enabled
Recreate initramfs so the new mkinitcpio hooks are installed
Installs nano, vim
Install GRUB bootloader
If LUKS is enabled, then sets GRUB_ENABLE_CRYPTODISK to y
If LUKS is enabled, adjusts the GRUB_CMDLINE_LINUX line in grub config to specify the system partition, the associated keyfile, and root volume
Invokes grub-install with parameters based on whether in BIOS or UEFI mode, and also based on disk layout
Specifically, --removable flag is added if disk layout uses USB key
Invokes grub-mkconfig
Following items are included in the recovery kit directory
- If boot partition is encrypted, then
  - Boot partition secondary key
  - LUKS header backup
- If root partition is encrypted, then
  - Root partition secondary key
  - LUKS header backup
- System disk partition table backup
- If disk layout uses USB key, then
  - USB key partition table backup
Recovery kit creation decision is as follows
- If either system or boot partition is encrypted, then
  - A copy of recovery kit is created in /root if system partition is encrypted
  - A copy of recovery kit is created in /boot if boot partition is encrypted
- else if no partitions are encrypted
  - A copy of recovery kit is created in both /root and /boot
Sets up user facing notes for post-install stuff
If disk layout uses USB key, generates scripts with appropriate UUIDs embedded for mounting and unmounting the USB key partitions
User can transfer the public key via command using ncat (for network transfer) and gpg (for symmetric encryption using a randomly generated alphanumeric passphrase)
Technically, encryption of the public key is not necessary. The encryption is to limit the damage of accidentally transferring the private key instead of the public key.