From f5d7884eb22ab15a5a5c7a70cfcecec8cce360b8 Mon Sep 17 00:00:00 2001 From: xengineering Date: Tue, 17 Dec 2019 13:47:27 +0100 Subject: Renamed boot_partition to efi_partition and root_partition to main_partition. --- stages/first_stage.sh | 10 +++++----- stages/second_stage.sh | 2 +- util/create_filesystems.sh | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stages/first_stage.sh b/stages/first_stage.sh index 8b9d640..a491067 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -32,8 +32,8 @@ python $REPOSITORY_PATH/util/write_config.py $CONFIG_FILE_PATH export disk=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "disk") export disk_path=/dev/$disk -export boot_partition_path="${disk_path}1" -export root_partition_path="${disk_path}2" +export efi_partition_path="${disk_path}1" +export main_partition_path="${disk_path}2" export hostname=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "hostname") export desktop=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "desktop") export admin_username=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "admin_username") @@ -45,9 +45,9 @@ bash check_bootmode.sh bash partition_disk.sh $disk_path -bash create_filesystems.sh $boot_partition_path $root_partition_path +bash create_filesystems.sh $efi_partition_path $main_partition_path -bash mount_filesystems.sh $root_partition_path +bash mount_filesystems.sh $main_partition_path bash install_packages.sh $desktop @@ -59,6 +59,6 @@ echo "bash second_stage.sh" | arch-chroot /mnt bash copy_archinstall_log.sh $LOG_FILE_PATH -bash unmount_filesystems.sh $root_partition_path +bash unmount_filesystems.sh $main_partition_path bash print_final_message.sh $DEFAULT_PASSWORD diff --git a/stages/second_stage.sh b/stages/second_stage.sh index 7020b6b..5ad7745 100644 --- a/stages/second_stage.sh +++ b/stages/second_stage.sh 
@@ -31,6 +31,6 @@ bash configure_network.sh $hostname bash configure_users.sh $admin_username $DEFAULT_PASSWORD -bash install_bootloader.sh $boot_partition_path +bash install_bootloader.sh $efi_partition_path bash configure_desktop.sh diff --git a/util/create_filesystems.sh b/util/create_filesystems.sh index 8f2341f..f3b06f1 100644 --- a/util/create_filesystems.sh +++ b/util/create_filesystems.sh @@ -18,13 +18,13 @@ # along with this program. If not, see . -boot_partition_path=$1 # e.g. /dev/sda1 -root_partition_path=$2 # e.g. /dev/sda2 +efi_partition_path=$1 # e.g. /dev/sda1 +main_partition_path=$2 # e.g. /dev/sda2 -mkfs.fat -F32 $boot_partition_path -fatlabel $boot_partition_path "BOOT" -mkfs.ext4 $root_partition_path -e2label $root_partition_path "ROOT" +mkfs.fat -F32 $efi_partition_path +fatlabel $efi_partition_path "EFI" +mkfs.ext4 $main_partition_path +e2label $main_partition_path "ROOT" echo "Created filesystems - OK" -- cgit v1.2.3-70-g09d2 From 0286fe576b48b6e7c191f37fea364cde1e21a713 Mon Sep 17 00:00:00 2001 From: xengineering Date: Tue, 17 Dec 2019 14:01:08 +0100 Subject: Implemented system encryption in write_config.py and first_stage.sh. --- stages/first_stage.sh | 9 +++++++++ util/write_config.py | 14 +++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/stages/first_stage.sh b/stages/first_stage.sh index a491067..cb1503a 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -37,6 +37,7 @@ export main_partition_path="${disk_path}2" export hostname=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "hostname") export desktop=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "desktop") export admin_username=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "admin_username") +export system_encryption=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "system_encryption") bash confirm_installation.sh $disk 
@@ -45,6 +46,14 @@ bash check_bootmode.sh bash partition_disk.sh $disk_path +if [ $system_encryption == "yes" ];then + + bash create_crypto_partition.sh $main_partition_path + + bash create_logical_volumes.sh + +fi + bash create_filesystems.sh $efi_partition_path $main_partition_path bash mount_filesystems.sh $main_partition_path diff --git a/util/write_config.py b/util/write_config.py index 8f9dae9..17653f1 100644 --- a/util/write_config.py +++ b/util/write_config.py @@ -42,7 +42,7 @@ print("Please type in the hostname of your new machine:") config["hostname"] = input() -# Desktop or no Desktop +# Desktop or no desktop print("Do you want to install a desktop? [Y/n]:") answer = input() @@ -58,6 +58,18 @@ print("Please select your username (like 'paul' or 'alice'):") config["admin_username"] = input() +# System encryption + +print("System encryption protects all your data if your device is stolen.") +print("A second password will be required at startup to decrypt the system.") +print("Do you want to encrypt your system? [Y/n]") +answer = input() +if answer in ["", "Y", "y", "Yes", "yes"]: + config["system_encryption"] = "yes" +else: + config["system_encryption"] = "no" + + # Write config to json file config_json = json.dumps(config, indent=4) -- cgit v1.2.3-70-g09d2 From 764beecf0429e2c89ea1a8bc87681e56a9ce2f82 Mon Sep 17 00:00:00 2001 From: xengineering Date: Wed, 18 Dec 2019 17:05:02 +0100 Subject: Renamed label of main partition to "MAIN". --- util/create_filesystems.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/create_filesystems.sh b/util/create_filesystems.sh index f3b06f1..58d67bb 100644 --- a/util/create_filesystems.sh +++ b/util/create_filesystems.sh 
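Review bot: The new test `[ $system_encryption == "yes" ]` in stages/first_stage.sh leaves the variable unquoted, so an empty value (for instance if read_config_string.py prints nothing) makes `[` fail with a syntax error and the installer carries on down the unencrypted path without saying so. I would write `if [ "$system_encryption" = "yes" ]; then` and stop with an error when the value is neither `yes` nor `no`, so that a broken config cannot silently disable encryption. The same unquoted test appears again in the later first_stage.sh hunk that calls close_crypto_partition.sh and in util/install_bootloader.sh. The two scripts called here, create_crypto_partition.sh and create_logical_volumes.sh, are not in this commit's diffstat, so presumably the `yes` branch cannot run yet.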
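Review bot: In the `# System encryption` block of util/write_config.py every answer outside the five listed spellings is stored as `"no"`, so a user who types `YES`, adds a trailing space or makes a typo gets an unencrypted install although the prompt advertises yes as the default. Normalising first, `answer = input().strip().lower()` with `if answer in ["", "y", "yes"]:`, and asking again unless the answer is `n` or `no` would make opting out an explicit choice rather than the fallback.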
@@ -25,6 +25,6 @@ main_partition_path=$2 # e.g. /dev/sda2 mkfs.fat -F32 $efi_partition_path fatlabel $efi_partition_path "EFI" mkfs.ext4 $main_partition_path -e2label $main_partition_path "ROOT" +e2label $main_partition_path "MAIN" echo "Created filesystems - OK" -- cgit v1.2.3-70-g09d2 From 607b0d56bab9b8babdffbdca21a82c7394a2db22 Mon Sep 17 00:00:00 2001 From: xengineering Date: Sun, 22 Dec 2019 11:32:53 +0100 Subject: partition_disk.sh ready for luks encryption. --- util/partition_disk.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/util/partition_disk.sh b/util/partition_disk.sh index 096b1fd..fcad5b9 100644 --- a/util/partition_disk.sh +++ b/util/partition_disk.sh @@ -32,6 +32,10 @@ n n 2 ++200M +n +3 + p w -- cgit v1.2.3-70-g09d2 From 0c9661f2d98f9464cc5d19eb5fac5cdc9fdc226b Mon Sep 17 00:00:00 2001 From: xengineering Date: Sun, 22 Dec 2019 11:45:58 +0100 Subject: format_crypto_partition.sh working. --- stages/first_stage.sh | 7 +++++-- util/format_crypto_partition.sh | 29 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 util/format_crypto_partition.sh diff --git a/stages/first_stage.sh b/stages/first_stage.sh index cb1503a..ba0590a 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -33,7 +33,8 @@ python $REPOSITORY_PATH/util/write_config.py $CONFIG_FILE_PATH export disk=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "disk") export disk_path=/dev/$disk export efi_partition_path="${disk_path}1" -export main_partition_path="${disk_path}2" +export boot_partition_path="${disk_path}2" +export main_partition_path="${disk_path}3" export hostname=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "hostname") export desktop=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "desktop") export admin_username=$(python $REPOSITORY_PATH/util/read_config_string.py $CONFIG_FILE_PATH "admin_username") 
@@ -48,7 +49,9 @@ bash partition_disk.sh $disk_path if [ $system_encryption == "yes" ];then - bash create_crypto_partition.sh $main_partition_path + bash format_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD + + bash open_crypto_partition.sh bash create_logical_volumes.sh diff --git a/util/format_crypto_partition.sh b/util/format_crypto_partition.sh new file mode 100644 index 0000000..bde9a1e --- /dev/null +++ b/util/format_crypto_partition.sh @@ -0,0 +1,29 @@ +#!/bin/bash + + +# archinstall - A minimal Installation Script for Arch Linux +# Copyright (C) 2019 xengineering + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +main_partition_path=$1 +DEFAULT_PASSWORD=$2 + + +cryptsetup luksFormat $main_partition_path << EOF +YES +$DEFAULT_PASSWORD +$DEFAULT_PASSWORD +EOF -- cgit v1.2.3-70-g09d2 From fc727bec9ca7c0ba1465bdd6b45ba262244191ab Mon Sep 17 00:00:00 2001 From: xengineering Date: Sun, 22 Dec 2019 14:37:59 +0100 Subject: Formatting and opening luks Partition works. --- stages/first_stage.sh | 4 ++-- util/format_crypto_partition.sh | 6 +----- util/open_crypto_partition.sh | 25 +++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 util/open_crypto_partition.sh diff --git a/stages/first_stage.sh b/stages/first_stage.sh index ba0590a..b2331f0 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh 
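Review bot: `bash format_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD` puts the LUKS passphrase on the child's command line, where it shows up in the process list and in anything that records command lines, and the missing quotes split a passphrase that contains spaces. `DEFAULT_PASSWORD` looks like an environment variable of the installer (second_stage.sh uses it the same way), so util/format_crypto_partition.sh could presumably read it from the environment instead of `DEFAULT_PASSWORD=$2`; if it has to stay an argument, at least quote it: `bash format_crypto_partition.sh "$main_partition_path" "$DEFAULT_PASSWORD"`. The same applies to the open_crypto_partition.sh call that the next commit completes. The `if` block continues outside this hunk.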
@@ -51,9 +51,9 @@ if [ $system_encryption == "yes" ];then bash format_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD - bash open_crypto_partition.sh + bash open_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD - bash create_logical_volumes.sh + bash create_logical_volumes.sh $main_partition_path fi diff --git a/util/format_crypto_partition.sh b/util/format_crypto_partition.sh index bde9a1e..97cdad4 100644 --- a/util/format_crypto_partition.sh +++ b/util/format_crypto_partition.sh @@ -22,8 +22,4 @@ main_partition_path=$1 DEFAULT_PASSWORD=$2 -cryptsetup luksFormat $main_partition_path << EOF -YES -$DEFAULT_PASSWORD -$DEFAULT_PASSWORD -EOF +echo -n "$DEFAULT_PASSWORD" | cryptsetup luksFormat $main_partition_path - diff --git a/util/open_crypto_partition.sh b/util/open_crypto_partition.sh new file mode 100644 index 0000000..2a01c55 --- /dev/null +++ b/util/open_crypto_partition.sh @@ -0,0 +1,25 @@ +#!/bin/bash + + +# archinstall - A minimal Installation Script for Arch Linux +# Copyright (C) 2019 xengineering + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +main_partition_path=$1 +DEFAULT_PASSWORD=$2 + + +echo -n "$DEFAULT_PASSWORD" | cryptsetup open $main_partition_path main - -- cgit v1.2.3-70-g09d2 From 36bb8d372ab57d68dae365619bf20cf89a612021 Mon Sep 17 00:00:00 2001 
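Review bot: `echo -n "$DEFAULT_PASSWORD" | cryptsetup luksFormat $main_partition_path -` in util/format_crypto_partition.sh depends on how `echo` treats its argument: a passphrase such as `-e` is taken as an option and nothing reaches cryptsetup. `printf '%s' "$DEFAULT_PASSWORD" | cryptsetup luksFormat --batch-mode --key-file - "$main_partition_path"` writes the bytes unchanged, makes the non-interactive mode explicit and quotes the device path. The new util/open_crypto_partition.sh in this commit uses the same `echo -n` pipe and would get the same change.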
From: xengineering Date: Sun, 22 Dec 2019 14:49:18 +0100 Subject: setup_lvm.sh is working. --- stages/first_stage.sh | 4 +++- util/setup_lvm.sh | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 util/setup_lvm.sh diff --git a/stages/first_stage.sh b/stages/first_stage.sh index b2331f0..b268353 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -53,7 +53,9 @@ if [ $system_encryption == "yes" ];then bash open_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD - bash create_logical_volumes.sh $main_partition_path + bash setup_lvm.sh + + export main_partition_path="/dev/SystemVolumeGroup/root" fi diff --git a/util/setup_lvm.sh b/util/setup_lvm.sh new file mode 100644 index 0000000..ac6f5fe --- /dev/null +++ b/util/setup_lvm.sh @@ -0,0 +1,23 @@ +#!/bin/bash + + +# archinstall - A minimal Installation Script for Arch Linux +# Copyright (C) 2019 xengineering + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +pvcreate /dev/mapper/main +vgcreate SystemVolumeGroup /dev/mapper/main +lvcreate -l 100%FREE SystemVolumeGroup -n root -- cgit v1.2.3-70-g09d2 From b26983b4e967957f5ecc32d75663a723f97c2588 Mon Sep 17 00:00:00 2001 
From: xengineering Date: Sun, 22 Dec 2019 15:20:25 +0100 Subject: Reimplemented some modules for luks encryption. --- stages/first_stage.sh | 12 ++++++++---- util/create_filesystems.sh | 9 ++++++--- util/install_bootloader.sh | 6 +++--- util/mount_filesystems.sh | 5 ++++- util/unmount_filesystems.sh | 7 +++++-- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/stages/first_stage.sh b/stages/first_stage.sh index b268353..9520894 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -55,13 +55,17 @@ if [ $system_encryption == "yes" ];then bash setup_lvm.sh - export main_partition_path="/dev/SystemVolumeGroup/root" + export root_partition_path="/dev/SystemVolumeGroup/root" + +else + + export root_partition_path=$main_partition_path fi -bash create_filesystems.sh $efi_partition_path $main_partition_path +bash create_filesystems.sh $efi_partition_path $boot_partition_path $root_partition_path -bash mount_filesystems.sh $main_partition_path +bash mount_filesystems.sh $boot_partition_path $root_partition_path bash install_packages.sh $desktop @@ -73,6 +77,6 @@ echo "bash second_stage.sh" | arch-chroot /mnt bash copy_archinstall_log.sh $LOG_FILE_PATH -bash unmount_filesystems.sh $main_partition_path +bash unmount_filesystems.sh $boot_partition_path $root_partition_path bash print_final_message.sh $DEFAULT_PASSWORD diff --git a/util/create_filesystems.sh b/util/create_filesystems.sh index 58d67bb..41ed84a 100644 --- a/util/create_filesystems.sh +++ b/util/create_filesystems.sh 
@@ -19,12 +19,15 @@ efi_partition_path=$1 # e.g. /dev/sda1 -main_partition_path=$2 # e.g. /dev/sda2 +boot_partition_path=$2 # e.g. /dev/sda2 +root_partition_path=$3 # e.g. /dev/sda3 or /dev/SystemVolumeGroup/root mkfs.fat -F32 $efi_partition_path fatlabel $efi_partition_path "EFI" -mkfs.ext4 $main_partition_path -e2label $main_partition_path "MAIN" +mkfs.ext4 $boot_partition_path +e2label $boot_partition_path "BOOT" +mkfs.ext4 $root_partition_path +e2label $root_partition_path "MAIN" echo "Created filesystems - OK" diff --git a/util/install_bootloader.sh b/util/install_bootloader.sh index 29e211f..cf6c374 100644 --- a/util/install_bootloader.sh +++ b/util/install_bootloader.sh @@ -18,13 +18,13 @@ # along with this program. If not, see . -boot_partition_path=$1 +efi_partition_path=$1 -mount $boot_partition_path /mnt +mount $efi_partition_path /mnt grub-install --target=x86_64-efi --efi-directory=/mnt --bootloader-id=GRUB \ --removable grub-mkconfig -o /boot/grub/grub.cfg -umount $boot_partition_path +umount $efi_partition_path echo "Installed bootloader - OK" diff --git a/util/mount_filesystems.sh b/util/mount_filesystems.sh index 4bb66e4..f24421b 100644 --- a/util/mount_filesystems.sh +++ b/util/mount_filesystems.sh @@ -18,9 +18,12 @@ # along with this program. If not, see . -root_partition_path=$1 # e.g. /dev/sda2 +boot_partition_path=$1 +root_partition_path=$2 mount $root_partition_path /mnt +mkdir /mnt/boot +mount $boot_partition_path /mnt/boot echo "Mounted filesystems - OK" diff --git a/util/unmount_filesystems.sh b/util/unmount_filesystems.sh index 770a5e7..6ccce3b 100644 --- a/util/unmount_filesystems.sh +++ b/util/unmount_filesystems.sh @@ -18,9 +18,12 @@ # along with this program. If not, see . -root_partition_path=$1 # e.g. /dev/sda2 +boot_partition_path=$1 +root_partition_path=$2 -cd /root && umount $root_partition_path +cd /root +umount $boot_partition_path +umount $root_partition_path echo "Unmounted filesystems - OK" -- cgit v1.2.3-70-g09d2 
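Review bot: Nothing in util/create_filesystems.sh says that the new BOOT partition stays outside LUKS when encryption is enabled: `mkfs.ext4 $boot_partition_path` runs on the raw partition, while first_stage.sh only formats `main_partition_path` as a crypto container. Kernel and initramfs on BOOT are then neither encrypted nor integrity-protected, which matters for anyone relying on the installer's "protects all your data" prompt. I would document it next to the argument, e.g. `boot_partition_path=$2  # e.g. /dev/sda2, never encrypted: holds kernel and initramfs`, and state the same limit in the user-facing text.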
From 9050875a8d36640d7068afd6b6632a97104d8df4 Mon Sep 17 00:00:00 2001 From: xengineering Date: Sun, 22 Dec 2019 20:15:03 +0100 Subject: Some improvement for encrypted formatting. --- stages/first_stage.sh | 6 ++++++ stages/second_stage.sh | 2 ++ util/close_crypto_partition.sh | 26 ++++++++++++++++++++++++++ util/create_filesystems.sh | 2 +- util/format_crypto_partition.sh | 2 ++ util/open_crypto_partition.sh | 2 ++ 6 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 util/close_crypto_partition.sh diff --git a/stages/first_stage.sh b/stages/first_stage.sh index 9520894..ea11fa4 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -79,4 +79,10 @@ bash copy_archinstall_log.sh $LOG_FILE_PATH bash unmount_filesystems.sh $boot_partition_path $root_partition_path +if [ $system_encryption == "yes" ];then + + bash close_crypto_partition.sh $main_partition_path + +fi + bash print_final_message.sh $DEFAULT_PASSWORD diff --git a/stages/second_stage.sh b/stages/second_stage.sh index 5ad7745..34c4a49 100644 --- a/stages/second_stage.sh +++ b/stages/second_stage.sh @@ -29,6 +29,8 @@ bash configure_timezone.sh /usr/share/zoneinfo/Europe/Berlin bash configure_network.sh $hostname +bash recreate_initramfs.sh + bash configure_users.sh $admin_username $DEFAULT_PASSWORD bash install_bootloader.sh $efi_partition_path diff --git a/util/close_crypto_partition.sh b/util/close_crypto_partition.sh new file mode 100644 index 0000000..52bc50f --- /dev/null +++ b/util/close_crypto_partition.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash + + +# archinstall - A minimal Installation Script for Arch Linux +# Copyright (C) 2019 xengineering + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +main_partition_path=$1 + + +cryptsetup close $main_partition_path + +echo "Closed crypto partition - OK" diff --git a/util/create_filesystems.sh b/util/create_filesystems.sh index 41ed84a..972eefd 100644 --- a/util/create_filesystems.sh +++ b/util/create_filesystems.sh @@ -28,6 +28,6 @@ fatlabel $efi_partition_path "EFI" mkfs.ext4 $boot_partition_path e2label $boot_partition_path "BOOT" mkfs.ext4 $root_partition_path -e2label $root_partition_path "MAIN" +e2label $root_partition_path "ROOT" echo "Created filesystems - OK" diff --git a/util/format_crypto_partition.sh b/util/format_crypto_partition.sh index 97cdad4..688e280 100644 --- a/util/format_crypto_partition.sh +++ b/util/format_crypto_partition.sh @@ -23,3 +23,5 @@ DEFAULT_PASSWORD=$2 echo -n "$DEFAULT_PASSWORD" | cryptsetup luksFormat $main_partition_path - + +echo "Formatted crypto partition - OK" diff --git a/util/open_crypto_partition.sh b/util/open_crypto_partition.sh index 2a01c55..40e7a61 100644 --- a/util/open_crypto_partition.sh +++ b/util/open_crypto_partition.sh @@ -23,3 +23,5 @@ DEFAULT_PASSWORD=$2 echo -n "$DEFAULT_PASSWORD" | cryptsetup open $main_partition_path main - + +echo "Opened crypto partition - OK" -- cgit v1.2.3-70-g09d2 
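Review bot: util/close_crypto_partition.sh prints `Closed crypto partition - OK` whatever `cryptsetup close` returned, so a failed step is logged as a success. The lines added to format_crypto_partition.sh and open_crypto_partition.sh in this commit do the same, and there a failure means the installer goes on as if the encrypted container existed. Checking the status, e.g. `cryptsetup close $main_partition_path || { echo "Closing crypto partition - FAILED" >&2; exit 1; }`, keeps the log honest and gives first_stage.sh an exit status it can act on.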
From 9ccbdf11c564bae4cddd449e0342516b008be49b Mon Sep 17 00:00:00 2001 From: xengineering Date: Sun, 22 Dec 2019 20:51:57 +0100 Subject: Removed LVM on top of LUKS for a MVP-style version of encryption. --- stages/first_stage.sh | 4 +--- util/setup_lvm.sh | 23 ----------------------- 2 files changed, 1 insertion(+), 26 deletions(-) delete mode 100644 util/setup_lvm.sh diff --git a/stages/first_stage.sh b/stages/first_stage.sh index ea11fa4..a3b7c03 100644 --- a/stages/first_stage.sh +++ b/stages/first_stage.sh @@ -53,9 +53,7 @@ if [ $system_encryption == "yes" ];then bash open_crypto_partition.sh $main_partition_path $DEFAULT_PASSWORD - bash setup_lvm.sh - - export root_partition_path="/dev/SystemVolumeGroup/root" + export root_partition_path="/dev/mapper/main" else diff --git a/util/setup_lvm.sh b/util/setup_lvm.sh deleted file mode 100644 index ac6f5fe..0000000 --- a/util/setup_lvm.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - - -# archinstall - A minimal Installation Script for Arch Linux -# Copyright (C) 2019 xengineering - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -pvcreate /dev/mapper/main -vgcreate SystemVolumeGroup /dev/mapper/main -lvcreate -l 100%FREE SystemVolumeGroup -n root -- cgit v1.2.3-70-g09d2 From 9f5e38930ffdaf2b4a1b544d183b98bc482ba13d Mon Sep 17 00:00:00 2001 
From: xengineering Date: Sun, 22 Dec 2019 20:59:50 +0100 Subject: Bugfix for closing LUKS partition. --- util/close_crypto_partition.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/util/close_crypto_partition.sh b/util/close_crypto_partition.sh index 52bc50f..de96f6c 100644 --- a/util/close_crypto_partition.sh +++ b/util/close_crypto_partition.sh @@ -18,9 +18,6 @@ # along with this program. If not, see . -main_partition_path=$1 - - -cryptsetup close $main_partition_path +cryptsetup close main echo "Closed crypto partition - OK" -- cgit v1.2.3-70-g09d2 From e218e91ad0ec6b660ca9ae7f3c45d5cde5a36fdf Mon Sep 17 00:00:00 2001 From: xengineering Date: Wed, 8 Jan 2020 22:06:38 +0100 Subject: First version of luks encrypted archinstall. --- stages/second_stage.sh | 4 ++-- util/configure_initramfs.sh | 31 +++++++++++++++++++++++++++++++ util/install_bootloader.sh | 21 +++++++++++++++++++++ 3 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 util/configure_initramfs.sh diff --git a/stages/second_stage.sh b/stages/second_stage.sh index 34c4a49..015d89b 100644 --- a/stages/second_stage.sh +++ b/stages/second_stage.sh @@ -29,10 +29,10 @@ bash configure_timezone.sh /usr/share/zoneinfo/Europe/Berlin bash configure_network.sh $hostname -bash recreate_initramfs.sh +bash configure_initramfs.sh bash configure_users.sh $admin_username $DEFAULT_PASSWORD -bash install_bootloader.sh $efi_partition_path +bash install_bootloader.sh $efi_partition_path $system_encryption bash configure_desktop.sh diff --git a/util/configure_initramfs.sh b/util/configure_initramfs.sh new file mode 100644 index 0000000..3222a89 --- /dev/null +++ b/util/configure_initramfs.sh 
@@ -0,0 +1,31 @@ +#!/bin/bash + + +# archinstall - A minimal Installation Script for Arch Linux +# Copyright (C) 2019 xengineering + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +new_hooks_config_line="HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems fsck)" +echo "new_hooks_config_line: $new_hooks_config_line" +old_hooks_config_line=$(cat /etc/mkinitcpio.conf | grep "^HOOKS=") +echo "old_hooks_config_line: $old_hooks_config_line" + +sed -i "s|$old_hooks_config_line|$new_hooks_config_line|" /etc/mkinitcpio.conf + +mkinitcpio -P + + +echo "Configured initramfs - OK" diff --git a/util/install_bootloader.sh b/util/install_bootloader.sh index cf6c374..4d3e9b9 100644 --- a/util/install_bootloader.sh +++ b/util/install_bootloader.sh 
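Review bot: The `sed` call in util/configure_initramfs.sh uses the text grep returned as its search pattern, so if /etc/mkinitcpio.conf has no line starting with `HOOKS=` the pattern is empty, and if grep returns more than one line the expression is invalid; in both cases the `encrypt` hook is not written and the script still reports `Configured initramfs - OK`. Matching the line directly avoids the round trip: `sed -i "s|^HOOKS=.*|$new_hooks_config_line|" /etc/mkinitcpio.conf`, followed by `grep -q '^HOOKS=.* encrypt ' /etc/mkinitcpio.conf || exit 1` before `mkinitcpio -P`. second_stage.sh calls this script without looking at `system_encryption`, so the hook is presumably also added on unencrypted installs; a comment saying whether that is intended would help.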
@@ -19,11 +19,32 @@ efi_partition_path=$1 +system_encryption=$2 + + +############ Add encryption setting in /etc/default/grub before calling grub-mkconfig +## to generate /boot/grub/grub.cfg + +## See: https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader mount $efi_partition_path /mnt grub-install --target=x86_64-efi --efi-directory=/mnt --bootloader-id=GRUB \ --removable + +if [ $system_encryption == "yes" ];then + + cryptdevice_uuid=$(lsblk --fs | grep $main_partition_path | awk '{print $3}') + echo "cryptdevice_uuid: $cryptdevice_uuid" + old_kernel_param_line=$(cat /etc/default/grub | grep "GRUB_CMDLINE_LINUX_DEFAULT") + echo "old_kernel_param_line: $old_kernel_param_line" + new_kernal_param_line="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=${cryptdevice_uuid}:main root=/dev/mapper/main\"" + echo "new_kernel_param_line: $new_kernal_param_line" + echo "Adding kernel parameters to /etc/default/grub" + sed -i "s|$old_kernel_param_line|$new_kernal_param_line|" /etc/default/grub + +fi + grub-mkconfig -o /boot/grub/grub.cfg umount $efi_partition_path -- cgit v1.2.3-70-g09d2 From 28040393a5ded9909d11743e5cd0cafcd145f931 Mon Sep 17 00:00:00 2001 From: xengineering Date: Wed, 8 Jan 2020 22:27:26 +0100 Subject: Bugfixes for luks encryption. --- util/install_bootloader.sh | 2 +- util/print_final_message.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/util/install_bootloader.sh b/util/install_bootloader.sh index 4d3e9b9..1f3c4e3 100644 --- a/util/install_bootloader.sh +++ b/util/install_bootloader.sh 
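Review bot: `cryptdevice_uuid=$(lsblk --fs | grep $main_partition_path | awk '{print $3}')` takes the UUID from a fixed column of human-readable output, and which column holds the UUID depends on the lsblk version and on whether the partition has a label, so the value written into `cryptdevice=UUID=` may be something else or empty and the installed system would then not find its root device. Asking for the field directly is more robust: `cryptdevice_uuid=$(blkid -s UUID -o value "$main_partition_path")`, then `[ -n "$cryptdevice_uuid" ] || exit 1` before /etc/default/grub is edited. The pipeline is kept in the two follow-up commits that only fix how the device name is passed, so the suggestion applies there as well. The `grep "GRUB_CMDLINE_LINUX_DEFAULT"` feeding `sed` also matches commented-out lines; anchoring it with `^` would be safer.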
@@ -34,7 +34,7 @@ grub-install --target=x86_64-efi --efi-directory=/mnt --bootloader-id=GRUB \ if [ $system_encryption == "yes" ];then - cryptdevice_uuid=$(lsblk --fs | grep $main_partition_path | awk '{print $3}') + cryptdevice_uuid=$(lsblk --fs | grep "${basename $main_partition_path}" | awk '{print $3}') echo "cryptdevice_uuid: $cryptdevice_uuid" old_kernel_param_line=$(cat /etc/default/grub | grep "GRUB_CMDLINE_LINUX_DEFAULT") echo "old_kernel_param_line: $old_kernel_param_line" diff --git a/util/print_final_message.sh b/util/print_final_message.sh index 9864470..46e99b9 100644 --- a/util/print_final_message.sh +++ b/util/print_final_message.sh @@ -25,6 +25,7 @@ cat << EOF ##################################################################### The default password for your user and root is '${default_password}'. + It is also the default password for drive encryption. You can now power off your machine with 'poweroff', remove the installation media and boot your new Arch Linux machine! -- cgit v1.2.3-70-g09d2 From 457c01bfcd6346b8a06420d721fa02a216cea9bf Mon Sep 17 00:00:00 2001 From: xengineering Date: Thu, 9 Jan 2020 10:46:37 +0100 Subject: Bugfix for install_bootloader.sh. --- stages/second_stage.sh | 2 +- util/install_bootloader.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stages/second_stage.sh b/stages/second_stage.sh index 015d89b..c2c0b92 100644 --- a/stages/second_stage.sh +++ b/stages/second_stage.sh @@ -33,6 +33,6 @@ bash configure_initramfs.sh bash configure_users.sh $admin_username $DEFAULT_PASSWORD -bash install_bootloader.sh $efi_partition_path $system_encryption +bash install_bootloader.sh $efi_partition_path $system_encryption $main_partition_path bash configure_desktop.sh diff --git a/util/install_bootloader.sh b/util/install_bootloader.sh index 1f3c4e3..db6c8bc 100644 --- a/util/install_bootloader.sh +++ b/util/install_bootloader.sh 
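Review bot: The line added to util/print_final_message.sh tells the user that drive encryption uses the default password but not that it has to be changed separately: changing the login passwords with `passwd` leaves the LUKS passphrase untouched, and a disk protected by a default passphrase shared with the accounts gives little protection against theft. I would extend the message, e.g. `Change it after the first boot with 'cryptsetup luksChangeKey <device>'.`, with `<device>` being the encrypted partition. The line is also printed when system_encryption is `no`; presumably the script needs that setting as a second argument to print it only where it applies. The heredoc starts and ends outside this hunk.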
@@ -20,6 +20,7 @@ efi_partition_path=$1 system_encryption=$2 +main_partition_path=$3 ############ Add encryption setting in /etc/default/grub before calling grub-mkconfig @@ -34,7 +35,7 @@ grub-install --target=x86_64-efi --efi-directory=/mnt --bootloader-id=GRUB \ if [ $system_encryption == "yes" ];then - cryptdevice_uuid=$(lsblk --fs | grep "${basename $main_partition_path}" | awk '{print $3}') + cryptdevice_uuid=$(lsblk --fs | grep "$(basename $main_partition_path)" | awk '{print $3}') echo "cryptdevice_uuid: $cryptdevice_uuid" old_kernel_param_line=$(cat /etc/default/grub | grep "GRUB_CMDLINE_LINUX_DEFAULT") echo "old_kernel_param_line: $old_kernel_param_line" -- cgit v1.2.3-70-g09d2