author | Tom Barrett <tom@tombarrett.xyz> | 2021-07-21 22:20:48 +0200 |
committer | Tom Barrett <tom@tombarrett.xyz> | 2021-07-21 22:20:48 +0200 |
commit | fff917132ec4ddb5ef8f34ac790d9959963dd74a (patch) | |
tree | 091871643fe86021115bc43f55002fe53f21963b | |
parent | 11c7f231d2cf06245b52e302868337ea44b6081f (diff) |
now with encryption
-rwxr-xr-x | airootfs/root/.loader | 27 | ||||
-rwxr-xr-x | airootfs/root/bootstrap | 41 | ||||
-rwxr-xr-x | run_archiso | 174 | ||||
-rwxr-xr-x | test | 7 |
4 files changed, 51 insertions, 198 deletions
diff --git a/airootfs/root/.loader b/airootfs/root/.loader
index 3f4bed6..2b50ba4 100755
--- a/airootfs/root/.loader
+++ b/airootfs/root/.loader
@@ -1,6 +1,12 @@
 #!/bin/bash
 set -e
+dd if=/dev/zero of=/swapfile bs=1M count=512 status=progress
+chmod 0600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+genfstab -U / | grep -v resolv > /etc/fstab
+
 ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
 hwclock --systohc
@@ -14,5 +20,22 @@ echo "127.0.0.1 localhost" > /etc/hosts
 echo "::1 localhost" >> /etc/hosts
 echo "127.0.1.1 $2.lan $2" >> /etc/hosts
-grub-install $1
-grub-mkconfig -o /boot/grub/grub.cfg
+OLD="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
+NEW="HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)"
+sed -i "s|$OLD|$NEW|g" /etc/mkinitcpio.conf
+mkinitcpio -P
+
+UUID=$(lsblk --output UUID,PATH | grep "$3" | cut -f 1 -d ' ')
+OLD="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet\""
+NEW="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=$UUID:cryptroot root=/dev/mapper/cryptroot\""
+sed -i "s|$OLD|$NEW|g" /etc/default/grub
+
+grub-install "$1"
+if ! test -e "/sys/firmware/efi/efivars"; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+else
+ grub-mkconfig -o /boot/grub/grub.cfg --efi-directory=/boot/
+fi
+passwd
+rm /root/loader
+echo "good to go !"
diff --git a/airootfs/root/bootstrap b/airootfs/root/bootstrap
index f059cc0..8876c5e 100755
--- a/airootfs/root/bootstrap
+++ b/airootfs/root/bootstrap
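Review bot: The UEFI branch `grub-mkconfig -o /boot/grub/grub.cfg --efi-directory=/boot/` will most likely abort the loader: `--efi-directory` is a grub-install option, and as far as I can tell grub-mkconfig rejects unrecognised options with exit status 1, which `set -e` turns into a hard stop before `passwd` on every EFI install. Both branches otherwise run the same command, so the whole if/else can become a single `grub-mkconfig -o /boot/grub/grub.cfg`. The `UUID=$(lsblk --output UUID,PATH | grep "$3" | cut -f 1 -d ' ')` pipeline matches the device path as a regex substring rather than exactly and, because only `cut`'s status is visible to `set -e`, an empty result silently yields `cryptdevice=UUID=:cryptroot` and an initramfs that cannot find its root; `lsblk -dno UUID "$3"` plus a non-empty check pins it to the one partition and fails loudly. The two `sed -i "s|$OLD|$NEW|g"` edits have the same silent-failure shape: if the shipped HOOKS or GRUB_CMDLINE_LINUX_DEFAULT line differs at all from `$OLD`, nothing is replaced, the encrypt hook is never added, and the first symptom is an unbootable system, so a `grep -qxF -- "$NEW" <file> || exit 1` after each sed is worth the two lines. The rewrite below puts those checks in place; the OLD/NEW assignments and the tail of the script are unchanged.
```shell
# … unchanged: OLD/NEW HOOKS assignments …
sed -i "s|$OLD|$NEW|g" /etc/mkinitcpio.conf
grep -qxF -- "$NEW" /etc/mkinitcpio.conf || { echo "HOOKS line not updated, encrypt hook missing" >&2; exit 1; }
mkinitcpio -P

UUID=$(lsblk -dno UUID "$3")
[[ -n "$UUID" ]] || { echo "no UUID found for $3" >&2; exit 1; }
# … unchanged: OLD/NEW GRUB_CMDLINE_LINUX_DEFAULT assignments …
sed -i "s|$OLD|$NEW|g" /etc/default/grub
grep -qxF -- "$NEW" /etc/default/grub || { echo "GRUB_CMDLINE_LINUX_DEFAULT not updated" >&2; exit 1; }

grub-install "$1"
grub-mkconfig -o /boot/grub/grub.cfg
# … unchanged: passwd, rm /root/loader, final echo …
```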
@@ -19,29 +19,40 @@ fi
 parted -s "$1" mklabel gpt
 if ! test -e "/sys/firmware/efi/efivars"; then
- parted "$1" mkpart bios ext4 0% 513MiB
- mkfs.ext4 "$1"1
- parted "$1" set 1 bios_grub on
- parted "$1" mkpart home ext4 513MiB 100%
+ BOOT_DIR="$1"2
+ ROOT_DIR="$1"3
+
+ parted -s "$1" mkpart grub 0% 1MiB
+ parted -s "$1" set 1 bios_grub on
+
+ parted -s "$1" mkpart grubcfg 1MiB 513MiB
+ mkfs.ext4 "$BOOT_DIR"
+
+ parted -s "$1" mkpart root 513MiB 100%
 else
- parted "$1" mkpart efi fat32 0% 513MiB
- mkfs.fat -F 32 "$1"1
- parted "$1" set 1 boot on
- parted "$1" mkpart home ext4 513MiB 100%
+ BOOT_DIR="$1"1
+ ROOT_DIR="$1"2
+
+ parted -s "$1" mkpart efi fat32 0% 513MiB
+ mkfs.fat -F 32 "$BOOT_DIR"
+ parted -s "$1" set 1 boot on
+
+ parted -s "$1" mkpart home ext4 513MiB 100%
 fi
-mkfs.ext4 "$1"2
+cryptsetup luksFormat "$ROOT_DIR"
+cryptsetup open "$ROOT_DIR" root
+mkfs.ext4 /dev/mapper/root
-mount "$1"2 /mnt
-mkdir -p /mnt/boot/efi
-mount "$1"1 /mnt/boot/efi
+mount /dev/mapper/root /mnt
+mkdir -p /mnt/boot/
+mount "$BOOT_DIR" /mnt/boot
 timedatectl set-ntp true
 pacman-key --init
 pacman-key --populate
-pacstrap /mnt base linux linux-firmware git vim grub efibootmgr
+pacstrap /mnt base linux linux-firmware git vim grub efibootmgr arch-install-scripts
-genfstab -U /mnt > /mnt/etc/fstab
 cp /root/.loader /mnt/root/loader
-arch-chroot /mnt /root/loader $1 $2
+arch-chroot /mnt /root/loader "$1" "$2" "$ROOT_DIR"
diff --git a/run_archiso b/run_archiso
deleted file mode 100755
index 983a003..0000000
--- a/run_archiso
+++ /dev/null
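Review bot: `BOOT_DIR="$1"2` and `ROOT_DIR="$1"3` (and the `"$1"1`/`"$1"2` pair in the else branch) only form valid partition paths for disks whose name ends in a letter; for /dev/nvme0n1 or /dev/mmcblk0 the kernel inserts a `p`, so `mkfs.ext4 "$BOOT_DIR"` and `cryptsetup luksFormat "$ROOT_DIR"` would be pointed at non-existent nodes. Since this commit introduces the two variables, it is the natural place to handle that once, e.g. `part=$1; [[ "$1" == *[0-9] ]] && part="${1}p"` followed by `BOOT_DIR="${part}2"` and `ROOT_DIR="${part}3"` (adjusting the numbers per branch). The BIOS branch names the root partition `root` while the EFI branch still calls it `home`, and the LUKS mapping is opened as `root` here but referenced as `cryptroot` on the kernel command line in .loader; both work because fstab is written with UUIDs, but one name per concept would make the two scripts easier to follow. I would also add a comment above `cryptsetup luksFormat "$ROOT_DIR"` recording what this layout does and does not protect, e.g. `# only the root fs is encrypted; kernel, initramfs and grub on $BOOT_DIR stay in plaintext`, since the commit message says "now with encryption" and a reader may otherwise assume the boot chain is covered. Finally, the old code had the same shape, but calling mkfs/cryptsetup right after `parted -s` can race the creation of the partition device nodes; a `partprobe "$1"` (or `udevadm settle`) after the last mkpart is cheap insurance.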
@@ -1,174 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright (C) 2020 David Runge <dvzrv@archlinux.org> -# -# SPDX-License-Identifier: GPL-3.0-or-later -# -# A simple script to run an archiso image using qemu. The image can be booted -# using BIOS or UEFI. -# -# Requirements: -# - qemu -# - edk2-ovmf (when UEFI booting) - - -set -eu - -print_help() { - local usagetext - IFS='' read -r -d '' usagetext <<EOF || true -Usage: - run_archiso [options] - -Options: - -a set accessibility support using brltty - -b set boot type to 'BIOS' (default) - -d set image type to hard disk instead of optical disc - -h print help - -i [image] image to boot into - -s use Secure Boot (only relevant when using UEFI) - -u set boot type to 'UEFI' - -v use VNC display (instead of default SDL) - -c [image] attach an additional optical disc image (e.g. for cloud-init) - -Example: - Run an image using UEFI: - $ run_archiso -u -i archiso-2020.05.23-x86_64.iso -EOF - printf '%s' "${usagetext}" -} - -cleanup_working_dir() { - if [[ -d "${working_dir}" ]]; then - rm -rf -- "${working_dir}" - fi -} - -copy_ovmf_vars() { - if [[ ! -f '/usr/share/edk2-ovmf/x64/OVMF_VARS.fd' ]]; then - printf 'ERROR: %s\n' "OVMF_VARS.fd not found. Install edk2-ovmf." - exit 1 - fi - cp -av -- '/usr/share/edk2-ovmf/x64/OVMF_VARS.fd' "${working_dir}/" -} - -check_image() { - if [[ -z "$image" ]]; then - printf 'ERROR: %s\n' "Image name can not be empty." - exit 1 - fi - if [[ ! -f "$image" ]]; then - printf 'ERROR: %s\n' "Image file (${image}) does not exist." 
- exit 1 - fi -} - -run_image() { - if [[ "$boot_type" == 'uefi' ]]; then - copy_ovmf_vars - if [[ "${secure_boot}" == 'on' ]]; then - printf '%s\n' 'Using Secure Boot' - local ovmf_code='/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd' - else - local ovmf_code='/usr/share/edk2-ovmf/x64/OVMF_CODE.fd' - fi - qemu_options+=( - '-drive' "if=pflash,format=raw,unit=0,file=${ovmf_code},readonly" - '-drive' "if=pflash,format=raw,unit=1,file=${working_dir}/OVMF_VARS.fd" - '-global' "driver=cfi.pflash01,property=secure,value=${secure_boot}" - ) - fi - - if [[ "${accessibility}" == 'on' ]]; then - qemu_options+=( - '-chardev' 'braille,id=brltty' - '-device' 'usb-braille,id=usbbrl,chardev=brltty' - ) - fi - - if [[ -n "${oddimage}" ]]; then - qemu_options+=( - '-device' 'scsi-cd,bus=scsi0.0,drive=cdrom1' - '-drive' "id=cdrom1,if=none,format=raw,media=cdrom,readonly=on,file=${oddimage}" - ) - fi - - qemu-system-x86_64 \ - -boot order=d,menu=on,reboot-timeout=5000 \ - -m "size=3072,slots=0,maxmem=$((3072*1024*1024))" \ - -k en-us \ - -name archiso,process=archiso_0 \ - -device virtio-scsi-pci,id=scsi0 \ - -device "scsi-${mediatype%rom},bus=scsi0.0,drive=${mediatype}0" \ - -drive "id=${mediatype}0,if=none,format=raw,media=${mediatype/hd/disk},readonly=on,file=${image}" \ - -display "${display}" \ - -vga virtio \ - -audiodev pa,id=snd0 \ - -device ich9-intel-hda \ - -device hda-output,audiodev=snd0 \ - -hda main \ - -device virtio-net-pci,romfile=,netdev=net0 -netdev user,id=net0,hostfwd=tcp::60022-:22 \ - -machine type=q35,smm=on,accel=kvm,usb=on,pcspk-audiodev=snd0 \ - -global ICH9-LPC.disable_s3=1 \ - -enable-kvm \ - "${qemu_options[@]}" \ - -serial stdio \ - -no-reboot -} - -image='' -oddimage='' -accessibility='' -boot_type='bios' -mediatype='cdrom' -secure_boot='off' -display='sdl' -qemu_options=() -working_dir="$(mktemp -dt run_archiso.XXXXXXXXXX)" -trap cleanup_working_dir EXIT - -if (( ${#@} > 0 )); then - while getopts 'abc:dhi:suv' flag; do - case "$flag" in - a) - 
accessibility='on' - ;; - b) - boot_type='bios' - ;; - c) - oddimage="$OPTARG" - ;; - d) - mediatype='hd' - ;; - h) - print_help - exit 0 - ;; - i) - image="$OPTARG" - ;; - u) - boot_type='uefi' - ;; - s) - secure_boot='on' - ;; - v) - display='none' - qemu_options+=(-vnc 'vnc=0.0.0.0:0,vnc=[::]:0') - ;; - *) - printf '%s\n' "Error: Wrong option. Try 'run_archiso -h'." - exit 1 - ;; - esac - done -else - print_help - exit 1 -fi - -check_image -run_image @@ -1,7 +0,0 @@ -#!/bin/bash - -if ! test -f "main"; then - qemu-img create main 20G -fi - -./run_archiso -u -i images/$(ls images | sort | tail -n 1) |