From fff917132ec4ddb5ef8f34ac790d9959963dd74a Mon Sep 17 00:00:00 2001 From: Tom Barrett Date: Wed, 21 Jul 2021 22:20:48 +0200 Subject: now with encryption --- airootfs/root/.loader | 27 +++++++++++++++++++++++++-- airootfs/root/bootstrap | 41 ++++++++++++++++++++++++++--------------- 2 files changed, 51 insertions(+), 17 deletions(-) (limited to 'airootfs/root') diff --git a/airootfs/root/.loader b/airootfs/root/.loader index 3f4bed6..2b50ba4 100755 --- a/airootfs/root/.loader +++ b/airootfs/root/.loader @@ -1,6 +1,12 @@ #!/bin/bash set -e +dd if=/dev/zero of=/swapfile bs=1M count=512 status=progress +chmod 0600 /swapfile +mkswap /swapfile +swapon /swapfile +genfstab -U / | grep -v resolv > /etc/fstab + ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime hwclock --systohc @@ -14,5 +20,22 @@ echo "127.0.0.1 localhost" > /etc/hosts echo "::1 localhost" >> /etc/hosts echo "127.0.1.1 $2.lan $2" >> /etc/hosts -grub-install $1 -grub-mkconfig -o /boot/grub/grub.cfg +OLD="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)" +NEW="HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)" +sed -i "s|$OLD|$NEW|g" /etc/mkinitcpio.conf +mkinitcpio -P + +UUID=$(lsblk --output UUID,PATH | grep "$3" | cut -f 1 -d ' ') +OLD="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet\"" +NEW="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=$UUID:cryptroot root=/dev/mapper/cryptroot\"" +sed -i "s|$OLD|$NEW|g" /etc/default/grub + +grub-install "$1" +if ! test -e "/sys/firmware/efi/efivars"; then + grub-mkconfig -o /boot/grub/grub.cfg +else + grub-mkconfig -o /boot/grub/grub.cfg --efi-directory=/boot/ +fi +passwd +rm /root/loader +echo "good to go !" diff --git a/airootfs/root/bootstrap b/airootfs/root/bootstrap index f059cc0..8876c5e 100755 --- a/airootfs/root/bootstrap +++ b/airootfs/root/bootstrap @@ -19,29 +19,40 @@ fi parted -s "$1" mklabel gpt if ! test -e "/sys/firmware/efi/efivars"; then - parted "$1" mkpart bios ext4 0% 513MiB - mkfs.ext4 "$1"1 - parted "$1" set 1 bios_grub on - parted "$1" mkpart home ext4 513MiB 100% + BOOT_DIR="$1"2 + ROOT_DIR="$1"3 + + parted -s "$1" mkpart grub 0% 1MiB + parted -s "$1" set 1 bios_grub on + + parted -s "$1" mkpart grubcfg 1MiB 513MiB + mkfs.ext4 "$BOOT_DIR" + + parted -s "$1" mkpart root 513MiB 100% else - parted "$1" mkpart efi fat32 0% 513MiB - mkfs.fat -F 32 "$1"1 - parted "$1" set 1 boot on - parted "$1" mkpart home ext4 513MiB 100% + BOOT_DIR="$1"1 + ROOT_DIR="$1"2 + + parted -s "$1" mkpart efi fat32 0% 513MiB + mkfs.fat -F 32 "$BOOT_DIR" + parted -s "$1" set 1 boot on + + parted -s "$1" mkpart home ext4 513MiB 100% fi -mkfs.ext4 "$1"2 +cryptsetup luksFormat "$ROOT_DIR" +cryptsetup open "$ROOT_DIR" root +mkfs.ext4 /dev/mapper/root -mount "$1"2 /mnt -mkdir -p /mnt/boot/efi -mount "$1"1 /mnt/boot/efi +mount /dev/mapper/root /mnt +mkdir -p /mnt/boot/ +mount "$BOOT_DIR" /mnt/boot timedatectl set-ntp true pacman-key --init pacman-key --populate -pacstrap /mnt base linux linux-firmware git vim grub efibootmgr +pacstrap /mnt base linux linux-firmware git vim grub efibootmgr arch-install-scripts -genfstab -U /mnt > /mnt/etc/fstab cp /root/.loader /mnt/root/loader -arch-chroot /mnt /root/loader $1 $2 +arch-chroot /mnt /root/loader "$1" "$2" "$ROOT_DIR" -- cgit v1.2.3