zachfeldman · June 2, 2025 14:16 · pellaeon · Jun 2, 2025 · zachfeldman · Jun 2, 2025
diff --git a/mount-encrypted-ubuntu-rpool from LiveUSB b/mount-encrypted-ubuntu-rpool from LiveUSB
 # Heavily copied from https://develmonk.com/2022/05/20/mount-ubuntu-22-04-zfs-partitions-using-live-iso-for-disaster-recovery/ and https://askubuntu.com/questions/1332447/how-to-mount-an-encrypted-ubuntu-20-10-zfs-file-system-from-an-ubuntu-live-cd - kudos!
 # No implied warranty - use at your own risk!

 # Run as root
 sudo su -

 # Mount the rpool to extract the system key
 zpool import rpool -R /mnt

 # Get the system key for the rpool. You'll be prompted for the password
 cryptsetup open /dev/zvol/rpool/keystore zfskey

 # Mount the system key
 mkdir -p /media/dm
 mount /dev/dm-0 /media/dm

 # Copy the system key to the keylocation found with zfs list -o name,type,keylocation, 
 # usually /run/keystore/rpool/system.key. Not at the mountpoint /mnt, but at /
 mkdir -p /run/keystore/rpool
 cp -r /media/dm/system.key /run/keystore/rpool/

 # Unmount the keystore and the rpool
 umount /dev/dm-0
 cryptsetup close zfskey
 zpool export rpool

 # Then run zpool import with -l:
 zpool import -l -R /mnt rpool
 # Hopefully will say “1 /1 keys successfully loaded”

 # Import the boot zfs pool, will be mounted at /mnt/boot
 zpool import -f bpool -R /mnt

 # Mount the EFI boot partition
 mount -t msdos /dev/nvme0n1p1 /mnt/boot/efi

 # Mount /proc, /dev, /sys, and /dev/pts
 # on newer versions of systemd (Ubuntu 25.04 on the outside, 24.10 inside the chroot)
 # you also need to bind mount /run so be sure to add it to this list!
 for i in proc dev sys dev/pts; do mount -v --bind /$i /mnt/$i; done

 # Bind mount /mnt/boot/grub
 mount -v --bind /mnt/boot/efi/grub /mnt/boot/grub

 # chroot into the system we just mounted
 chroot /mnt

 # Fix the internet in the system we just mounted
 rm -rf /etc/resolv.conf
 echo 'nameserver 8.8.8.8' > resolv.conf

 # Apt update to test the internet
 apt update

 # Exit the chroot
 exit

 # And make sure to erase the key file!
 rm -rf /media/dm/system.key /run/keystore/rpool/
	# Heavily copied from https://develmonk.com/2022/05/20/mount-ubuntu-22-04-zfs-partitions-using-live-iso-for-disaster-recovery/ and https://askubuntu.com/questions/1332447/how-to-mount-an-encrypted-ubuntu-20-10-zfs-file-system-from-an-ubuntu-live-cd - kudos!
	# No implied warranty - use at your own risk!

	# Run as root
	sudo su -

	# Mount the rpool to extract the system key
	zpool import rpool -R /mnt

	# Get the system key for the rpool. You'll be prompted for the password
	cryptsetup open /dev/zvol/rpool/keystore zfskey

	# Mount the system key
	mkdir -p /media/dm
	mount /dev/dm-0 /media/dm

	# Copy the system key to the keylocation found with zfs list -o name,type,keylocation,
	# usually /run/keystore/rpool/system.key. Not at the mountpoint /mnt, but at /
	mkdir -p /run/keystore/rpool
	cp -r /media/dm/system.key /run/keystore/rpool/

	# Unmount the keystore and the rpool
	umount /dev/dm-0
	cryptsetup close zfskey
	zpool export rpool

	# Then run zpool import with -l:
	zpool import -l -R /mnt rpool
	# Hopefully will say “1 /1 keys successfully loaded”

	# Import the boot zfs pool, will be mounted at /mnt/boot
	zpool import -f bpool -R /mnt

	# Mount the EFI boot partition
	mount -t msdos /dev/nvme0n1p1 /mnt/boot/efi

	# Mount /proc, /dev, /sys, and /dev/pts
	# on newer versions of systemd (Ubuntu 25.04 on the outside, 24.10 inside the chroot)
	# you also need to bind mount /run so be sure to add it to this list!
	for i in proc dev sys dev/pts; do mount -v --bind /$i /mnt/$i; done

	# Bind mount /mnt/boot/grub
	mount -v --bind /mnt/boot/efi/grub /mnt/boot/grub

	# chroot into the system we just mounted
	chroot /mnt

	# Fix the internet in the system we just mounted
	rm -rf /etc/resolv.conf
	echo 'nameserver 8.8.8.8' > resolv.conf

	# Apt update to test the internet
	apt update

	# Exit the chroot
	exit

	# And make sure to erase the key file!
	rm -rf /media/dm/system.key /run/keystore/rpool/