Merge branch 'feature_luks' into devel

11 files changed, 167 insertions, 11 deletions

diff --git a/util/close_crypto_partition.sh b/util/close_crypto_partition.sh
new file mode 100644
index 0000000..de96f6c
--- /dev/null
+++ b/util/close_crypto_partition.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+
+#  archinstall - A minimal Installation Script for Arch Linux
+#  Copyright (C) 2019  xengineering
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+cryptsetup close main
+
+echo "Closed crypto partition - OK"
diff --git a/util/configure_initramfs.sh b/util/configure_initramfs.sh
new file mode 100644
index 0000000..3222a89
--- /dev/null
+++ b/util/configure_initramfs.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+
+#  archinstall - A minimal Installation Script for Arch Linux
+#  Copyright (C) 2019  xengineering
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+new_hooks_config_line="HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems fsck)"
+echo "new_hooks_config_line: $new_hooks_config_line"
+old_hooks_config_line=$(cat /etc/mkinitcpio.conf | grep "^HOOKS=")
+echo "old_hooks_config_line: $old_hooks_config_line"
+
+sed -i "s|$old_hooks_config_line|$new_hooks_config_line|" /etc/mkinitcpio.conf
+
+mkinitcpio -P
+
+
+echo "Configured initramfs - OK"
diff --git a/util/create_filesystems.sh b/util/create_filesystems.sh
index 8f2341f..972eefd 100644
--- a/util/create_filesystems.sh
+++ b/util/create_filesystems.sh
@@ -18,12 +18,15 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-boot_partition_path=$1  # e.g. /dev/sda1
-root_partition_path=$2  # e.g. /dev/sda2
+efi_partition_path=$1  # e.g. /dev/sda1
+boot_partition_path=$2  # e.g. /dev/sda2
+root_partition_path=$3  # e.g. /dev/sda3 or /dev/SystemVolumeGroup/root
 
 
-mkfs.fat -F32 $boot_partition_path
-fatlabel $boot_partition_path "BOOT"
+mkfs.fat -F32 $efi_partition_path
+fatlabel $efi_partition_path "EFI"
+mkfs.ext4 $boot_partition_path
+e2label $boot_partition_path "BOOT"
 mkfs.ext4 $root_partition_path
 e2label $root_partition_path "ROOT"
 
diff --git a/util/format_crypto_partition.sh b/util/format_crypto_partition.sh
new file mode 100644
index 0000000..688e280
--- /dev/null
+++ b/util/format_crypto_partition.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+
+#  archinstall - A minimal Installation Script for Arch Linux
+#  Copyright (C) 2019  xengineering
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+main_partition_path=$1
+DEFAULT_PASSWORD=$2
+
+
+echo -n "$DEFAULT_PASSWORD" | cryptsetup luksFormat $main_partition_path -
+
+echo "Formatted crypto partition - OK"
diff --git a/util/install_bootloader.sh b/util/install_bootloader.sh
index 29e211f..db6c8bc 100644
--- a/util/install_bootloader.sh
+++ b/util/install_bootloader.sh
@@ -18,13 +18,35 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-boot_partition_path=$1
+efi_partition_path=$1
+system_encryption=$2
+main_partition_path=$3
 
 
-mount $boot_partition_path /mnt
+############ Add encryption setting in /etc/default/grub before calling grub-mkconfig
+## to generate /boot/grub/grub.cfg
+
+## See: https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
+
+
+mount $efi_partition_path /mnt
 grub-install --target=x86_64-efi --efi-directory=/mnt --bootloader-id=GRUB \
 --removable
+
+if [ $system_encryption == "yes" ];then
+
+    cryptdevice_uuid=$(lsblk --fs | grep "$(basename $main_partition_path)" | awk '{print $3}')
+    echo "cryptdevice_uuid: $cryptdevice_uuid"
+    old_kernel_param_line=$(cat /etc/default/grub | grep "GRUB_CMDLINE_LINUX_DEFAULT")
+    echo "old_kernel_param_line: $old_kernel_param_line"
+    new_kernal_param_line="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=${cryptdevice_uuid}:main root=/dev/mapper/main\""
+    echo "new_kernel_param_line: $new_kernal_param_line"
+    echo "Adding kernel parameters to /etc/default/grub"
+    sed -i "s|$old_kernel_param_line|$new_kernal_param_line|" /etc/default/grub
+
+fi
+
 grub-mkconfig -o /boot/grub/grub.cfg
-umount $boot_partition_path
+umount $efi_partition_path
 
 echo "Installed bootloader - OK"
diff --git a/util/mount_filesystems.sh b/util/mount_filesystems.sh
index 4bb66e4..f24421b 100644
--- a/util/mount_filesystems.sh
+++ b/util/mount_filesystems.sh
@@ -18,9 +18,12 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-root_partition_path=$1  # e.g. /dev/sda2
+boot_partition_path=$1
+root_partition_path=$2
 
 
 mount $root_partition_path /mnt
+mkdir /mnt/boot
+mount $boot_partition_path /mnt/boot
 
 echo "Mounted filesystems - OK"
diff --git a/util/open_crypto_partition.sh b/util/open_crypto_partition.sh
new file mode 100644
index 0000000..40e7a61
--- /dev/null
+++ b/util/open_crypto_partition.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+
+#  archinstall - A minimal Installation Script for Arch Linux
+#  Copyright (C) 2019  xengineering
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+main_partition_path=$1
+DEFAULT_PASSWORD=$2
+
+
+echo -n "$DEFAULT_PASSWORD" | cryptsetup open $main_partition_path main -
+
+echo "Opened crypto partition - OK"
diff --git a/util/partition_disk.sh b/util/partition_disk.sh
index 096b1fd..fcad5b9 100644
--- a/util/partition_disk.sh
+++ b/util/partition_disk.sh
@@ -32,6 +32,10 @@ n
 n
 2
 
++200M
+n
+3
+
 
 p
 w
diff --git a/util/print_final_message.sh b/util/print_final_message.sh
index 9864470..46e99b9 100644
--- a/util/print_final_message.sh
+++ b/util/print_final_message.sh
@@ -25,6 +25,7 @@ cat << EOF
 #####################################################################
 
     The default password for your user and root is '${default_password}'.
+    It is also the default password for drive encryption.
     You can now power off your machine with 'poweroff',
     remove the installation media and boot your new
     Arch Linux machine!
diff --git a/util/unmount_filesystems.sh b/util/unmount_filesystems.sh
index 770a5e7..6ccce3b 100644
--- a/util/unmount_filesystems.sh
+++ b/util/unmount_filesystems.sh
@@ -18,9 +18,12 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-root_partition_path=$1  # e.g. /dev/sda2
+boot_partition_path=$1
+root_partition_path=$2
 
 
-cd /root && umount $root_partition_path
+cd /root
+umount $boot_partition_path
+umount $root_partition_path
 
 echo "Unmounted filesystems - OK"
diff --git a/util/write_config.py b/util/write_config.py
index 8f9dae9..17653f1 100644
--- a/util/write_config.py
+++ b/util/write_config.py
@@ -42,7 +42,7 @@ print("Please type in the hostname of your new machine:")
 config["hostname"] = input()
 
 
-# Desktop or no Desktop
+# Desktop or no desktop
 
 print("Do you want to install a desktop? [Y/n]:")
 answer = input()
@@ -58,6 +58,18 @@ print("Please select your username (like 'paul' or 'alice'):")
 config["admin_username"] = input()
 
 
+# System encryption
+
+print("System encryption protects all your data if your device is stolen.")
+print("A second password will be required at startup to decrypt the system.")
+print("Do you want to encrypt your system? [Y/n]")
+answer = input()
+if answer in ["", "Y", "y", "Yes", "yes"]:
+    config["system_encryption"] = "yes"
+else:
+    config["system_encryption"] = "no"
+
+
 # Write config to json file
 
 config_json = json.dumps(config, indent=4)