author | xengineering <mail2xengineering@protonmail.com> | 2020-01-09 10:52:52 +0100 |
---|---|---|
committer | xengineering <mail2xengineering@protonmail.com> | 2020-01-09 10:52:52 +0100 |
commit | 3839b0df19ed779f19defa7bb113c4930e15b745 (patch) | |
tree | 4f5c75dcc52336237fc3f728c332c5f1d52b8904 | |
parent | cd5cf703c4ef5f99787f407b122738e087fbfc36 (diff) | |
parent | 457c01bfcd6346b8a06420d721fa02a216cea9bf (diff) | |
Merge branch 'feature_luks' into devel
-rw-r--r-- | stages/first_stage.sh | 32 | ||||
-rw-r--r-- | stages/second_stage.sh | 4 | ||||
-rw-r--r-- | util/close_crypto_partition.sh | 23 | ||||
-rw-r--r-- | util/configure_initramfs.sh | 31 | ||||
-rw-r--r-- | util/create_filesystems.sh | 11 | ||||
-rw-r--r-- | util/format_crypto_partition.sh | 27 | ||||
-rw-r--r-- | util/install_bootloader.sh | 28 | ||||
-rw-r--r-- | util/mount_filesystems.sh | 5 | ||||
-rw-r--r-- | util/open_crypto_partition.sh | 27 | ||||
-rw-r--r-- | util/partition_disk.sh | 4 | ||||
-rw-r--r-- | util/print_final_message.sh | 1 | ||||
-rw-r--r-- | util/unmount_filesystems.sh | 7 | ||||
-rw-r--r-- | util/write_config.py | 14 |
13 files changed, 197 insertions, 17 deletions
diff --git a/stages/first_stage.sh b/stages/first_stage.sh
index 8b9d640..a3b7c03 100644
--- a/stages/first_stage.sh
+++ b/stages/first_stage.sh
@@ -32,11 +32,13 @@ python $REPOSITORY_PATH/util/write_config.py $CONFIG_FILE_PATH
 export disk=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "disk")
 export disk_path=/dev/$disk
-export boot_partition_path="${disk_path}1"
-export root_partition_path="${disk_path}2"
+export efi_partition_path="${disk_path}1"
+export boot_partition_path="${disk_path}2"
+export main_partition_path="${disk_path}3"
 export hostname=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "hostname")
 export desktop=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "desktop")
 export admin_username=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "admin_username")
+export system_encryption=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "system_encryption")
 bash confirm_installation.sh $disk
@@ -45,9 +47,23 @@ bash check_bootmode.sh
 bash partition_disk.sh $disk_path
-bash create_filesystems.sh $boot_partition_path $root_partition_path
+if [ $system_encryption == "yes" ];then
-bash mount_filesystems.sh $root_partition_path
+ bash format_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD
+
+ bash open_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD
+
+ export root_partition_path="/dev/mapper/main"
+
+else
+
+ export root_partition_path=$main_partition_path
+
+fi
+
+bash create_filesystems.sh $efi_partition_path $boot_partition_path $root_partition_path
+
+bash mount_filesystems.sh $boot_partition_path $root_partition_path
 bash install_packages.sh $desktop
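Review bot: The new `if [ $system_encryption == "yes" ];then` test is unquoted, so an empty value from `read_config_string.py` makes `[` fail with an operator error and the script takes the `else` branch, installing onto the unencrypted partition without saying so. Quoting the test as `[ "$system_encryption" = "yes" ]` and rejecting anything else up front with `case "$system_encryption" in yes|no) ;; *) echo "invalid system_encryption" >&2; exit 1 ;; esac` would make it fail closed; the same unquoted test recurs in the later first_stage.sh hunk and in install_bootloader.sh. Separately, `$DEFAULT_PASSWORD` is passed to format_crypto_partition.sh and open_crypto_partition.sh as a positional argument, which puts the LUKS passphrase into the process list while they run; having those scripts read it from the environment or stdin would keep it off argv.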
@@ -59,6 +75,12 @@ echo "bash second_stage.sh" | arch-chroot /mnt
 bash copy_archinstall_log.sh $LOG_FILE_PATH
-bash unmount_filesystems.sh $root_partition_path
+bash unmount_filesystems.sh $boot_partition_path $root_partition_path
+
+if [ $system_encryption == "yes" ];then
+
+ bash close_crypto_partition.sh $main_partition_path
+
+fi
 bash print_final_message.sh $DEFAULT_PASSWORD
diff --git a/stages/second_stage.sh b/stages/second_stage.sh
index 7020b6b..c2c0b92 100644
--- a/stages/second_stage.sh
+++ b/stages/second_stage.sh
@@ -29,8 +29,10 @@ bash configure_timezone.sh /usr/share/zoneinfo/Europe/Berlin
 bash configure_network.sh $hostname
+bash configure_initramfs.sh
+
 bash configure_users.sh $admin_username $DEFAULT_PASSWORD
-bash install_bootloader.sh $boot_partition_path
+bash install_bootloader.sh $efi_partition_path $system_encryption $main_partition_path
 bash configure_desktop.sh
diff --git a/util/close_crypto_partition.sh b/util/close_crypto_partition.sh
new file mode 100644
index 0000000..de96f6c
--- /dev/null
+++ b/util/close_crypto_partition.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+
+# archinstall - A minimal Installation Script for Arch Linux
+# Copyright (C) 2019 xengineering
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+
+cryptsetup close main
+
+echo "Closed crypto partition - OK"
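Review bot: In close_crypto_partition.sh, `cryptsetup close main` is followed by an unconditional `echo "Closed crypto partition - OK"`, so a failed close (for example when a preceding umount did not succeed and the mapping is still busy) is logged as success. Checking the status, e.g. `cryptsetup close main || { echo "Closing crypto partition failed" >&2; exit 1; }`, would keep the install log trustworthy; format_crypto_partition.sh, open_crypto_partition.sh and configure_initramfs.sh print their OK line the same way. The script also ignores the `$main_partition_path` argument that first_stage.sh passes and hard-codes the mapping name `main`; a comment such as `# mapping name must match open_crypto_partition.sh` would document that coupling.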
diff --git a/util/configure_initramfs.sh b/util/configure_initramfs.sh
new file mode 100644
index 0000000..3222a89
--- /dev/null
+++ b/util/configure_initramfs.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+
+# archinstall - A minimal Installation Script for Arch Linux
+# Copyright (C) 2019 xengineering
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+
+new_hooks_config_line="HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems fsck)"
+echo "new_hooks_config_line: $new_hooks_config_line"
+old_hooks_config_line=$(cat /etc/mkinitcpio.conf | grep "^HOOKS=")
+echo "old_hooks_config_line: $old_hooks_config_line"
+
+sed -i "s|$old_hooks_config_line|$new_hooks_config_line|" /etc/mkinitcpio.conf
+
+mkinitcpio -P
+
+
+echo "Configured initramfs - OK"
diff --git a/util/create_filesystems.sh b/util/create_filesystems.sh
index 8f2341f..972eefd 100644
--- a/util/create_filesystems.sh
+++ b/util/create_filesystems.sh
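Review bot: The `sed -i "s|$old_hooks_config_line|$new_hooks_config_line|"` call in configure_initramfs.sh uses the current HOOKS line as a regular expression, so the substitution fails or matches nothing when `grep "^HOOKS="` returns no line, several lines, or text with regex metacharacters. `mkinitcpio -P` then builds an image without the `encrypt` hook while the script still prints OK, and the encrypted root cannot be unlocked at boot. Anchoring on the key is deterministic: `sed -i "s|^HOOKS=.*|$new_hooks_config_line|" /etc/mkinitcpio.conf`, followed by a check such as `grep -q '^HOOKS=.*encrypt' /etc/mkinitcpio.conf || exit 1`. second_stage.sh calls this script unconditionally, so the hook list is rewritten even when `system_encryption` is "no"; if that is intended, a comment should say so.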
@@ -18,12 +18,15 @@
 # along with this program. If not, see <https://www.gnu.org/licenses/>.
-boot_partition_path=$1 # e.g. /dev/sda1
-root_partition_path=$2 # e.g. /dev/sda2
+efi_partition_path=$1 # e.g. /dev/sda1
+boot_partition_path=$2 # e.g. /dev/sda2
+root_partition_path=$3 # e.g. /dev/sda3 or /dev/SystemVolumeGroup/root
-mkfs.fat -F32 $boot_partition_path
-fatlabel $boot_partition_path "BOOT"
+mkfs.fat -F32 $efi_partition_path
+fatlabel $efi_partition_path "EFI"
+mkfs.ext4 $boot_partition_path
+e2label $boot_partition_path "BOOT"
 mkfs.ext4 $root_partition_path
 e2label $root_partition_path "ROOT"
diff --git a/util/format_crypto_partition.sh b/util/format_crypto_partition.sh
new file mode 100644
index 0000000..688e280
--- /dev/null
+++ b/util/format_crypto_partition.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+
+# archinstall - A minimal Installation Script for Arch Linux
+# Copyright (C) 2019 xengineering
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+
+main_partition_path=$1
+DEFAULT_PASSWORD=$2
+
+
+echo -n "$DEFAULT_PASSWORD" | cryptsetup luksFormat $main_partition_path -
+
+echo "Formatted crypto partition - OK"
diff --git a/util/install_bootloader.sh b/util/install_bootloader.sh
index 29e211f..db6c8bc 100644
--- a/util/install_bootloader.sh
+++ b/util/install_bootloader.sh
@@ -18,13 +18,35 @@
 # along with this program. If not, see <https://www.gnu.org/licenses/>.
-boot_partition_path=$1
+efi_partition_path=$1
+system_encryption=$2
+main_partition_path=$3
-mount $boot_partition_path /mnt
+############ Add encryption setting in /etc/default/grub before calling grub-mkconfig
+## to generate /boot/grub/grub.cfg
+
+## See: https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
+
+
+mount $efi_partition_path /mnt
 grub-install --target=x86_64-efi --efi-directory=/mnt --bootloader-id=GRUB \
 --removable
+
+if [ $system_encryption == "yes" ];then
+
+ cryptdevice_uuid=$(lsblk --fs | grep "$(basename $main_partition_path)" | awk '{print $3}')
+ echo "cryptdevice_uuid: $cryptdevice_uuid"
+ old_kernel_param_line=$(cat /etc/default/grub | grep "GRUB_CMDLINE_LINUX_DEFAULT")
+ echo "old_kernel_param_line: $old_kernel_param_line"
+ new_kernal_param_line="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=${cryptdevice_uuid}:main root=/dev/mapper/main\""
+ echo "new_kernel_param_line: $new_kernal_param_line"
+ echo "Adding kernel parameters to /etc/default/grub"
+ sed -i "s|$old_kernel_param_line|$new_kernal_param_line|" /etc/default/grub
+
+fi
+
 grub-mkconfig -o /boot/grub/grub.cfg
-umount $boot_partition_path
+umount $efi_partition_path
 echo "Installed bootloader - OK"
diff --git a/util/mount_filesystems.sh b/util/mount_filesystems.sh
index 4bb66e4..f24421b 100644
--- a/util/mount_filesystems.sh
+++ b/util/mount_filesystems.sh
@@ -18,9 +18,12 @@
 # along with this program. If not, see <https://www.gnu.org/licenses/>.
-root_partition_path=$1 # e.g. /dev/sda2
+boot_partition_path=$1
+root_partition_path=$2
 mount $root_partition_path /mnt
+mkdir /mnt/boot
+mount $boot_partition_path /mnt/boot
 echo "Mounted filesystems - OK"
diff --git a/util/open_crypto_partition.sh b/util/open_crypto_partition.sh
new file mode 100644
index 0000000..40e7a61
--- /dev/null
+++ b/util/open_crypto_partition.sh
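Review bot: In install_bootloader.sh, `cryptdevice_uuid` is taken from the third whitespace-separated field of `lsblk --fs` output filtered by a substring `grep`. The field position shifts when a column before UUID (such as LABEL) is populated, and the `grep` can match more than one row. An empty or wrong value is then written into `GRUB_CMDLINE_LINUX_DEFAULT`, and the installed system will not find its encrypted root at boot. Querying the device directly is more robust: `cryptdevice_uuid=$(blkid -s UUID -o value "$main_partition_path")` followed by `[ -n "$cryptdevice_uuid" ] || exit 1`. The `grep "GRUB_CMDLINE_LINUX_DEFAULT"` also matches commented-out lines, so anchoring it with `^` would help, and the variable is spelled `new_kernal_param_line` throughout the block.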
@@ -0,0 +1,27 @@ +#!/bin/bash + + +# archinstall - A minimal Installation Script for Arch Linux +# Copyright (C) 2019 xengineering + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + + +main_partition_path=$1 +DEFAULT_PASSWORD=$2 + + +echo -n "$DEFAULT_PASSWORD" | cryptsetup open $main_partition_path main - + +echo "Opened crypto partition - OK" diff --git a/util/partition_disk.sh b/util/partition_disk.sh index 096b1fd..fcad5b9 100644 --- a/util/partition_disk.sh +++ b/util/partition_disk.sh @@ -32,6 +32,10 @@ n n 2 ++200M +n +3 + p w diff --git a/util/print_final_message.sh b/util/print_final_message.sh index 9864470..46e99b9 100644 --- a/util/print_final_message.sh +++ b/util/print_final_message.sh @@ -25,6 +25,7 @@ cat << EOF ##################################################################### The default password for your user and root is '${default_password}'. + It is also the default password for drive encryption. You can now power off your machine with 'poweroff', remove the installation media and boot your new Arch Linux machine! diff --git a/util/unmount_filesystems.sh b/util/unmount_filesystems.sh index 770a5e7..6ccce3b 100644 --- a/util/unmount_filesystems.sh +++ b/util/unmount_filesystems.sh 
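Review bot: The line added to print_final_message.sh tells the user that the LUKS passphrase equals the default account password, but not that it stays valid until it is replaced. If `DEFAULT_PASSWORD` is the fixed value shipped with the installer, the disk is protected only by a publicly known passphrase until then. I would extend the message with the concrete step, e.g. `Change it after the first boot with 'cryptsetup luksChangeKey <encrypted partition>'.` The heredoc starts and ends outside the hunk.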
@@ -18,9 +18,12 @@
 # along with this program. If not, see <https://www.gnu.org/licenses/>.
-root_partition_path=$1 # e.g. /dev/sda2
+boot_partition_path=$1
+root_partition_path=$2
-cd /root && umount $root_partition_path
+cd /root
+umount $boot_partition_path
+umount $root_partition_path
 echo "Unmounted filesystems - OK"
diff --git a/util/write_config.py b/util/write_config.py
index 8f9dae9..17653f1 100644
--- a/util/write_config.py
+++ b/util/write_config.py
@@ -42,7 +42,7 @@ print("Please type in the hostname of your new machine:")
 config["hostname"] = input()
-# Desktop or no Desktop
+# Desktop or no desktop
 print("Do you want to install a desktop? [Y/n]:")
 answer = input()
@@ -58,6 +58,18 @@ print("Please select your username (like 'paul' or 'alice'):")
 config["admin_username"] = input()
+# System encryption
+
+print("System encryption protects all your data if your device is stolen.")
+print("A second password will be required at startup to decrypt the system.")
+print("Do you want to encrypt your system? [Y/n]")
+answer = input()
+if answer in ["", "Y", "y", "Yes", "yes"]:
+ config["system_encryption"] = "yes"
+else:
+ config["system_encryption"] = "no"
+
+
 # Write config to json file
 config_json = json.dumps(config, indent=4) |
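Review bot: The prompt `System encryption protects all your data if your device is stolen.` in the second write_config.py hunk overstates what this merge sets up. Only the third partition is LUKS-formatted, the EFI and `/boot` partitions (kernel, initramfs, GRUB config) stay unencrypted, and the passphrase is the installer default rather than a password the user chose. Suggested wording: `print("System encryption protects the root filesystem if your device is stolen; /boot stays unencrypted.")`, plus a line saying the initial passphrase is the default password and should be changed. The answer is also matched case-sensitively, so `YES` selects "no"; `answer.strip().lower() in ["", "y", "yes"]` is safer for a security option.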