From fff917132ec4ddb5ef8f34ac790d9959963dd74a Mon Sep 17 00:00:00 2001
From: Tom Barrett <tom@tombarrett.xyz>
Date: Wed, 21 Jul 2021 22:20:48 +0200
Subject: now with encryption

---
 airootfs/root/.loader   |  27 +++++++-
 airootfs/root/bootstrap |  41 +++++++-----
 run_archiso             | 174 ------------------------------------------------
 test                    |   7 --
 4 files changed, 51 insertions(+), 198 deletions(-)
 delete mode 100755 run_archiso
 delete mode 100755 test

diff --git a/airootfs/root/.loader b/airootfs/root/.loader
index 3f4bed6..2b50ba4 100755
--- a/airootfs/root/.loader
+++ b/airootfs/root/.loader
@@ -1,6 +1,12 @@
 #!/bin/bash
 set -e
 
+dd if=/dev/zero of=/swapfile bs=1M count=512 status=progress
+chmod 0600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+genfstab -U / | grep -v resolv > /etc/fstab
+
 ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
 
 hwclock --systohc
@@ -14,5 +20,22 @@ echo "127.0.0.1		localhost" >  /etc/hosts
 echo "::1		localhost" >> /etc/hosts
 echo "127.0.1.1		$2.lan $2" >> /etc/hosts
 
-grub-install $1
-grub-mkconfig -o /boot/grub/grub.cfg
+OLD="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
+NEW="HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)"
+sed -i "s|$OLD|$NEW|g" /etc/mkinitcpio.conf
+mkinitcpio -P
+
+UUID=$(lsblk --output UUID,PATH | grep "$3" | cut -f 1 -d ' ')
+OLD="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet\""
+NEW="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=$UUID:cryptroot root=/dev/mapper/cryptroot\""
+sed -i "s|$OLD|$NEW|g" /etc/default/grub
+
+grub-install "$1"
+if ! test -e "/sys/firmware/efi/efivars"; then
+	grub-mkconfig -o /boot/grub/grub.cfg
+else
+	grub-mkconfig -o /boot/grub/grub.cfg --efi-directory=/boot/
+fi
+passwd
+rm /root/loader
+echo "good to go !"
diff --git a/airootfs/root/bootstrap b/airootfs/root/bootstrap
index f059cc0..8876c5e 100755
--- a/airootfs/root/bootstrap
+++ b/airootfs/root/bootstrap
@@ -19,29 +19,40 @@ fi
 parted -s "$1" mklabel gpt 
 
 if ! test -e "/sys/firmware/efi/efivars"; then
-    parted "$1" mkpart bios ext4 0% 513MiB
-    mkfs.ext4 "$1"1
-    parted "$1" set 1 bios_grub on
-    parted "$1" mkpart home ext4 513MiB 100%
+    BOOT_DIR="$1"2
+    ROOT_DIR="$1"3
+
+    parted -s "$1" mkpart grub 0% 1MiB
+    parted -s "$1" set 1 bios_grub on
+
+    parted -s "$1" mkpart grubcfg 1MiB 513MiB
+    mkfs.ext4 "$BOOT_DIR"
+
+    parted -s "$1" mkpart root 513MiB 100%
 else
-    parted "$1" mkpart efi fat32 0% 513MiB
-    mkfs.fat -F 32 "$1"1
-    parted "$1" set 1 boot on
-    parted "$1" mkpart home ext4 513MiB 100%
+    BOOT_DIR="$1"1
+    ROOT_DIR="$1"2
+
+    parted -s "$1" mkpart efi fat32 0% 513MiB
+    mkfs.fat -F 32 "$BOOT_DIR"
+    parted -s "$1" set 1 boot on
+
+    parted -s "$1" mkpart home ext4 513MiB 100%
 fi
 
-mkfs.ext4 "$1"2
+cryptsetup luksFormat "$ROOT_DIR"
+cryptsetup open "$ROOT_DIR" root
+mkfs.ext4 /dev/mapper/root
 
-mount "$1"2 /mnt
-mkdir -p /mnt/boot/efi
-mount "$1"1 /mnt/boot/efi
+mount /dev/mapper/root /mnt
+mkdir -p /mnt/boot/
+mount "$BOOT_DIR" /mnt/boot
 
 timedatectl set-ntp true
 
 pacman-key --init
 pacman-key --populate
-pacstrap /mnt base linux linux-firmware git vim grub efibootmgr
+pacstrap /mnt base linux linux-firmware git vim grub efibootmgr arch-install-scripts
 
-genfstab -U /mnt > /mnt/etc/fstab
 cp /root/.loader /mnt/root/loader
-arch-chroot /mnt /root/loader $1 $2
+arch-chroot /mnt /root/loader "$1" "$2" "$ROOT_DIR"
diff --git a/run_archiso b/run_archiso
deleted file mode 100755
index 983a003..0000000
--- a/run_archiso
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (C) 2020 David Runge <dvzrv@archlinux.org>
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# A simple script to run an archiso image using qemu. The image can be booted
-# using BIOS or UEFI.
-#
-# Requirements:
-# - qemu
-# - edk2-ovmf (when UEFI booting)
-
-
-set -eu
-
-print_help() {
-    local usagetext
-    IFS='' read -r -d '' usagetext <<EOF || true
-Usage:
-    run_archiso [options]
-
-Options:
-    -a              set accessibility support using brltty
-    -b              set boot type to 'BIOS' (default)
-    -d              set image type to hard disk instead of optical disc
-    -h              print help
-    -i [image]      image to boot into
-    -s              use Secure Boot (only relevant when using UEFI)
-    -u              set boot type to 'UEFI'
-    -v              use VNC display (instead of default SDL)
-    -c [image]      attach an additional optical disc image (e.g. for cloud-init)
-
-Example:
-    Run an image using UEFI:
-    $ run_archiso -u -i archiso-2020.05.23-x86_64.iso
-EOF
-    printf '%s' "${usagetext}"
-}
-
-cleanup_working_dir() {
-    if [[ -d "${working_dir}" ]]; then
-        rm -rf -- "${working_dir}"
-    fi
-}
-
-copy_ovmf_vars() {
-    if [[ ! -f '/usr/share/edk2-ovmf/x64/OVMF_VARS.fd' ]]; then
-        printf 'ERROR: %s\n' "OVMF_VARS.fd not found. Install edk2-ovmf."
-        exit 1
-    fi
-    cp -av -- '/usr/share/edk2-ovmf/x64/OVMF_VARS.fd' "${working_dir}/"
-}
-
-check_image() {
-    if [[ -z "$image" ]]; then
-        printf 'ERROR: %s\n' "Image name can not be empty."
-        exit 1
-    fi
-    if [[ ! -f "$image" ]]; then
-        printf 'ERROR: %s\n' "Image file (${image}) does not exist."
-        exit 1
-    fi
-}
-
-run_image() {
-    if [[ "$boot_type" == 'uefi' ]]; then
-        copy_ovmf_vars
-        if [[ "${secure_boot}" == 'on' ]]; then
-            printf '%s\n' 'Using Secure Boot'
-            local ovmf_code='/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd'
-        else
-            local ovmf_code='/usr/share/edk2-ovmf/x64/OVMF_CODE.fd'
-        fi
-        qemu_options+=(
-            '-drive' "if=pflash,format=raw,unit=0,file=${ovmf_code},readonly"
-            '-drive' "if=pflash,format=raw,unit=1,file=${working_dir}/OVMF_VARS.fd"
-            '-global' "driver=cfi.pflash01,property=secure,value=${secure_boot}"
-        )
-    fi
-
-    if [[ "${accessibility}" == 'on' ]]; then
-        qemu_options+=(
-            '-chardev' 'braille,id=brltty'
-            '-device' 'usb-braille,id=usbbrl,chardev=brltty'
-        )
-    fi
-
-    if [[ -n "${oddimage}" ]]; then
-        qemu_options+=(
-            '-device' 'scsi-cd,bus=scsi0.0,drive=cdrom1'
-            '-drive' "id=cdrom1,if=none,format=raw,media=cdrom,readonly=on,file=${oddimage}"
-        )
-    fi
-
-    qemu-system-x86_64 \
-        -boot order=d,menu=on,reboot-timeout=5000 \
-        -m "size=3072,slots=0,maxmem=$((3072*1024*1024))" \
-        -k en-us \
-        -name archiso,process=archiso_0 \
-        -device virtio-scsi-pci,id=scsi0 \
-        -device "scsi-${mediatype%rom},bus=scsi0.0,drive=${mediatype}0" \
-        -drive "id=${mediatype}0,if=none,format=raw,media=${mediatype/hd/disk},readonly=on,file=${image}" \
-        -display "${display}" \
-        -vga virtio \
-        -audiodev pa,id=snd0 \
-        -device ich9-intel-hda \
-        -device hda-output,audiodev=snd0 \
-	-hda main \
-        -device virtio-net-pci,romfile=,netdev=net0 -netdev user,id=net0,hostfwd=tcp::60022-:22 \
-        -machine type=q35,smm=on,accel=kvm,usb=on,pcspk-audiodev=snd0 \
-        -global ICH9-LPC.disable_s3=1 \
-        -enable-kvm \
-        "${qemu_options[@]}" \
-        -serial stdio \
-        -no-reboot
-}
-
-image=''
-oddimage=''
-accessibility=''
-boot_type='bios'
-mediatype='cdrom'
-secure_boot='off'
-display='sdl'
-qemu_options=()
-working_dir="$(mktemp -dt run_archiso.XXXXXXXXXX)"
-trap cleanup_working_dir EXIT
-
-if (( ${#@} > 0 )); then
-    while getopts 'abc:dhi:suv' flag; do
-        case "$flag" in
-            a)
-                accessibility='on'
-                ;;
-            b)
-                boot_type='bios'
-                ;;
-            c)
-                oddimage="$OPTARG"
-                ;;
-            d)
-                mediatype='hd'
-                ;;
-            h)
-                print_help
-                exit 0
-                ;;
-            i)
-                image="$OPTARG"
-                ;;
-            u)
-                boot_type='uefi'
-                ;;
-            s)
-                secure_boot='on'
-                ;;
-            v)
-                display='none'
-                qemu_options+=(-vnc 'vnc=0.0.0.0:0,vnc=[::]:0')
-                ;;
-            *)
-                printf '%s\n' "Error: Wrong option. Try 'run_archiso -h'."
-                exit 1
-                ;;
-        esac
-    done
-else
-    print_help
-    exit 1
-fi
-
-check_image
-run_image
diff --git a/test b/test
deleted file mode 100755
index 7a6987b..0000000
--- a/test
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-if ! test -f "main"; then
-	qemu-img create main 20G
-fi
-
-./run_archiso -u -i images/$(ls images | sort | tail -n 1)
-- 
cgit v1.2.3