use /dev/mapper/data and a /etc/fstab on the real root

README.md

@@ -59,7 +59,6 @@ This is WIP. Please test and report issues, comments or missing components on ht
 - no kernel command line on DELL ( you need a newer systemd https://github.com/systemd/systemd/pull/10001 )
   cp linuxx64.efi.stub to this git repo dir from a compiled upstream systemd
 - gnome-software: can't update firmware repo
-- systemd: failed to umount /var
 
 ## Create
 

pre-pivot.sh

@@ -47,10 +47,11 @@ for datadev in $disk*; do
 done
 
 if cryptsetup isLuks --type luks2 "$datadev"; then
-    luksname=luks-$(blkid -o value -s UUID "$datadev")
+    #luksname=luks-$(blkid -o value -s UUID "$datadev")
-    mapdev=/dev/mapper/$luksname
+    luksname=data
+    luksdev=/dev/mapper/$luksname
 
-    if ! [[ -b $mapdev ]]; then
+    if ! [[ -b $luksdev ]]; then
 	if ! cryptsetup luksDump "$datadev" | grep -F -q clevis ; then
 	    udevadm settle --exit-if-exists=/dev/tpmrm0
 	    export TPM2TOOLS_TCTI_NAME=device
@@ -58,27 +59,26 @@ if cryptsetup isLuks --type luks2 "$datadev"; then
 	    
 	    if echo -n "zero key" | clevis-luks-bind -f -k - -d "$datadev" tpm2 '{"pcr_ids":"7"}'; then
 		echo -n "zero key" | cryptsetup luksRemoveKey "$datadev" /dev/stdin || die "Failed to remove key from LUKS"
-		clevis-luks-unlock -d "$datadev" || die "Failed to unlock $datadev"
+		clevis-luks-unlock -d "$datadev" -n "$luksname" || die "Failed to unlock $datadev"
 	    elif echo -n "zero key" | clevis-luks-bind -f -k - -d "$datadev" tpm2 '{"pcr_ids":"7","key":"rsa"}'; then
 		echo -n "zero key" | cryptsetup luksRemoveKey "$datadev" /dev/stdin || die "Failed to remove key from LUKS"
-		clevis-luks-unlock -d "$datadev" || die "Failed to unlock $datadev"
+		clevis-luks-unlock -d "$datadev" -n "$luksname" || die "Failed to unlock $datadev"
 	    else
 		warn "Failed to bind disk to TPM2"
 		echo -n "zero key" | cryptsetup open --type luks2 "$datadev" $luksname --key-file /dev/stdin		
 	    fi
 	else
-	    clevis-luks-unlock -d "$datadev" || die "Failed to unlock $datadev"
+	    clevis-luks-unlock -d "$datadev" -n "$luksname" || die "Failed to unlock $datadev"
 	fi
     fi
-else
+    datadev="$luksdev"
-    mapdev="$datadev"
 fi
 
-if [[ $(blkid -o value -s TYPE "$mapdev") != "xfs" ]]; then
+if [[ $(blkid -o value -s TYPE "$datadev") != "xfs" ]]; then
-    mkfs.xfs -f -L data "$mapdev"
+    mkfs.xfs -f -L data "$datadev"
 fi
 
-mount $mapdev /sysroot/data || die "Failed to mount $mapdev"
+mount -o discard $datadev /sysroot/data || die "Failed to mount $datadev"
 
 [[ -d /sysroot/data/var  ]] || mkdir /sysroot/data/var
 [[ -d /sysroot/data/home ]] || mkdir /sysroot/data/home

prepare-root.sh

@@ -299,6 +299,12 @@ if [[ -d "$sysroot"/usr/share/flatpak ]]; then
     chroot "$sysroot" bash -c '/usr/bin/flatpak remote-add --if-not-exists flathub /usr/share/flatpak/flathub.flatpakrepo'
 fi
 
+cat >"$sysroot"/etc/fstab <<EOF
+LABEL=data /data xfs defaults,discard 0 0
+/data/var  /var  - bind 0 0
+/data/home /home - bind 0 0
+EOF
+
 #---------------
 # var
 rm -fr "$sysroot"/var/lib/rpm