Rework ZFS configuration page and fix GELI encryption with swap

[ericbsd]

• Fix encpass= ordering so it immediately follows the .eli partition line, preventing boot failure when swap is present
• Tie swap encryption (SWAP.eli) to disk encryption instead of a separate checkbox
• Redesign ZFS page to two-column layout: settings grid on the left, disk list on the right
• Rename "Pool Type" to "Pool Layout" and simplify ComboBox entries to stripe, mirror, raidz1, raidz2, raidz3
• Remove "single disk" option (replaced by stripe)
• Always show Pool Name label and entry instead of a checkbox toggle
• Remove Encrypt Swap and Mirror Swap checkboxes (swap mirror is handled automatically by pc-sysinstall for multi-disk pools)
• Remove duplicate password strength functions, import from gbi_common
• Remove dead code: unused variables (memory, auto), tree_selection, on_check_poll, on_check_swap_encrypt, on_check_swap_mirror, no-op row increment
• Fix self.zfs_four_k initialized as string "True" instead of bool
• Replace set_from_stock with set_from_icon_name for password match icon
• Convert all %s formatting to f-strings
• Update Gtk.Label() calls to use label= keyword
• Bump version to 11.1

Summary by Sourcery

Rework the ZFS configuration UI and partitioning logic, simplifying pool layout selection and tying swap encryption to disk encryption while updating supporting code and versioning.

New Features:

• Introduce a two-column ZFS configuration layout with settings on the left and disk list on the right.
• Always expose a Pool Name field with a default value instead of a gated checkbox.
• Add unified pool layout options (stripe, mirror, raidz1, raidz2, raidz3) for ZFS pools.

Bug Fixes:

• Ensure GELI encpass is written immediately after the encrypted ZFS partition and correctly apply SWAP.eli when disk encryption is enabled, preventing boot failures with encrypted swap.
• Initialize the ZFS 4k block size flag as a proper boolean to avoid misconfiguration.

Enhancements:

• Simplify ZFS pool selection UX, including updated helper text and validation based on the number of selected disks.
• Automatically mirror swap for multi-disk pools via the installer instead of exposing separate swap encryption and mirroring toggles in the UI.
• Streamline button enablement logic for pool creation based on layout and disk selection.
• Modernize Gtk usage and string formatting by switching to keyword label arguments, icon-name based images, and f-strings, and remove dead or unused code paths.

Build:

• Bump the application version to 11.1 in setup configuration.

[sourcery-ai]

Reviewer's Guide

Reworks the ZFS configuration UI into a two‑column layout, simplifies pool layout selection, ties swap encryption to disk encryption with correct encpass ordering, refactors password handling and validation helpers, and performs several small cleanups and version bump.

Class diagram for updated ZFS configuration logic

classDiagram
  class ZFS {
    +list zfs_disk_list
    +button3
    +vbox1
    +store
    +check_cell
    +mirrorTips
    +mirror
    +poolType
    +pool
    +scheme
    +zfs_four_k bool
    +swap_entry
    +disk_encript bool
    +passwd_label
    +password
    +strenght_label
    +vpasswd_label
    +repassword
    +img
    +__init__(button3)
    +save_selection()
    +sheme_selection(combobox)
    +mirror_selection(combobox)
    +on_check(widget)
    +on_check_encrypt(widget)
    +get_model()
    +load_data()
    +check_if_small_disk(size_string)
    +col1_toggled_cb(cell, path, model)
    +small_disk_warning()
    +resset_selection(widget, window)
    +digit_only(entry)
    +passwdstrength(widget)
    +passwdVerification(widget)
  }

  class GtkComponents {
    <<interface>> GtkComponents
    +VBox
    +HBox
    +Grid
    +Label
    +Entry
    +ComboBoxText
    +CheckButton
    +TreeView
    +TreeViewColumn
    +ScrolledWindow
    +Image
  }

  ZFS ..> GtkComponents : uses

Loading

File-Level Changes

Change	Details	Files
Fix partition file generation to correctly associate GELI disk and swap encryption with encpass ordering to avoid boot failures.	Refactor size and swap calculations in save_selection for clarity and to use local variables with clearer names. Ensure encpass= line is written immediately after the ZFS .eli partition definition when disk encryption is enabled. Write SWAP.eli instead of SWAP when disk encryption is enabled so swap follows disk encryption automatically. Make swap partition creation conditional on swap size and always append after the encpass block. Normalize final ZFS partition size using a separate final_space variable based on BIOS vs UEFI boot mode.	src/use_zfs.py
Redesign the ZFS configuration page layout and simplify pool layout semantics and validation logic.	Replace legacy single‑column grid/table layout with a two‑column layout: left grid for settings (pool layout, pool name, swap, 4k, encryption, passwords) and right panel for disk list and tips. Simplify mirror/pool layout combo options to stripe, mirror, raidz1, raidz2, raidz3 and update mirror_selection logic accordingly. Always expose the Pool Name entry (default zroot) with a static label instead of a toggle checkbox controlling zpool creation. Unify and simplify button3 sensitivity logic based on selected layout and number of selected disks across mirror_selection, col1_toggled_cb, on_check_encrypt, and passwdVerification. Keep zfs_four_k as a proper boolean initialized to True and ensure the 4k checkbox toggles it via on_check.	src/use_zfs.py
Clean up swap configuration UI by removing separate swap encryption/mirroring controls and relying on pc-sysinstall and disk encryption state.	Remove Encrypt Swap and Mirror Swap checkboxes and associated state (swap_encrypt, swap_mirror) and callbacks. Tie swap behavior directly to disk_encript in save_selection when emitting SWAP vs SWAP.eli. Clarify swap size handling with a dedicated swap_entry field and label in the settings grid.	src/use_zfs.py
Refactor password strength and verification UI, de-duplicate helpers, and modernize GTK usage.	Remove multiple local password classification helper functions in favor of importing common password logic from gbi_common (passwdstrength/passwdVerification behavior retained but signatures simplified). Update Gtk.Label instantiations to use the label= keyword consistently for better readability and GTK best practices. Switch password verification icon updates from deprecated set_from_stock to set_from_icon_name using gtk-yes/gtk-no with Gtk.IconSize.MENU. Adjust passwdstrength and passwdVerification signatures to ignore their widget argument and rely on internal state, simplifying the callbacks.	src/use_zfs.py
General code modernizations and dead code removal in ZFS configuration logic.	Convert string formatting from %s interpolation to f-strings for paths, zpoolName, partscheme, partition definitions, and other output strings. Remove unused variables and dead UI code (memory, auto, tree_selection, some commented grid attachments, unused callbacks like on_check_poll). Simplify loops such as resset_selection iteration and disk aggregation in save_selection. Ensure small_disk_warning uses Gtk.Label(label=...) and minor alignment/size properties are adjusted for the new layout.	src/use_zfs.py
Version bump and minor boot manager groundwork for encrypted scenarios.	Bump application version from 10.7 to 11.1 in setup.py. Introduce commented placeholder logic in boot_manager to detect encpass= in the disk scheme and potentially gate rEFInd boot manager availability based on encryption in future work.	setup.py src/boot_manager.py

Assessment against linked issues

Issue	Objective	Addressed	Explanation
ghostbsd/issues#68	Enable full system (root disk) encryption using GELI from the GhostBSD installer, by generating an appropriate encrypted ZFS disk layout and configuration.	✅

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The logic that enables/disables button3 based on self.mirror and len(self.zfs_disk_list) is still duplicated across mirror_selection, on_check_encrypt, col1_toggled_cb, and passwdVerification; consider extracting this into a single helper (e.g. _update_button3_sensitivity()) to keep the rules consistent and easier to maintain.
• In boot_manager.py you’ve left a commented-out encrypted check and conditional around self.refind; either wire this into the behavior or remove the dead code/comment to avoid confusion about the intended logic.
• Some of the user-facing mirror layout messages (e.g. in mirror_selection for raidz1/2/3) are slightly awkward or missing spaces around the (select the smallest disk first) suffix; a quick pass to normalize these strings would improve the UI text clarity.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The logic that enables/disables `button3` based on `self.mirror` and `len(self.zfs_disk_list)` is still duplicated across `mirror_selection`, `on_check_encrypt`, `col1_toggled_cb`, and `passwdVerification`; consider extracting this into a single helper (e.g. `_update_button3_sensitivity()`) to keep the rules consistent and easier to maintain.
- In `boot_manager.py` you’ve left a commented-out `encrypted` check and conditional around `self.refind`; either wire this into the behavior or remove the dead code/comment to avoid confusion about the intended logic.
- Some of the user-facing mirror layout messages (e.g. in `mirror_selection` for raidz1/2/3) are slightly awkward or missing spaces around the `(select the smallest disk first)` suffix; a quick pass to normalize these strings would improve the UI text clarity.

## Individual Comments

### Comment 1
<location path="src/boot_manager.py" line_range="68-71" />
<code_context>
             read = open(disk_scheme, 'r')
             read_scheme = read.read()
         scheme = 'GPT' if 'GPT' in read_scheme else 'MBR'
+        # encrypted = 'encpass=' in read_scheme
         Title = Gtk.Label('Boot Option', name="Header")
         Title.set_property("height-request", 50)
</code_context>
<issue_to_address>
**question (bug_risk):** Commented-out encryption handling suggests incomplete logic around rEFInd availability.

The new `encpass=` detection is only present as a commented line, and the rEFInd condition is still just `scheme == 'GPT' and loader == "UEFI"`. If rEFInd is incompatible with some encrypted setups, this can result in offering rEFInd when it shouldn’t be available. Either fully implement and verify the encryption check around rEFInd, or remove the commented code to avoid ambiguity about the intended behavior.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}