Automatic passphrase check

Suikan 2021-06-28 08:03:25 +09:00
parent 4f4c87b4ca
commit 12c1ab29c8


@ -45,9 +45,21 @@ sudo -i
## Input Passphrase ## Input Passphrase
Input a passphrase to lock your crypt system. This passphrase is required to type when GRUB starts. Input a passphrase to lock your crypt system. This passphrase is required to type when GRUB starts.
The passphrase is recorded as an environment variable to refuge the type multiple time without error. The passphrase is recorded as an environment variable to refuge the type multiple time without error.
To be sure, passphrases are required twice here, and fail if they are not identical.
```bash ```bash
# Setup the passphrase of the crypt partition # Setup the passphrase of the crypt partition
read -sr PASSPHRASE read -sr PASSPHRASE
# Type passphrase again to confirm
read -sr PASSPHRASE2
if [ ${PASSPHRASE} = ${PASSPHRASE} ] ; then
echo "OK"
else
echo "**** ERROR! The passphrases does not match. repeat this scripts again *****"
fi
``` ```
## Configuration parameters ## Configuration parameters
This is a set of parameter for the configuration of : This is a set of parameter for the configuration of :
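Review bot: the added confirmation test `if [ ${PASSPHRASE} = ${PASSPHRASE} ]` compares PASSPHRASE with itself, so it reports "OK" whatever was typed the second time, and PASSPHRASE2 is read but never used. Compare against the second entry and quote both sides, for example `if [ "${PASSPHRASE}" = "${PASSPHRASE2}" ] ; then`; unquoted, a passphrase containing spaces or an empty entry breaks the `[` test. The else branch only prints a message, so a mismatch does not stop the reader from continuing to the luksFormat step with an unconfirmed value; clearing PASSPHRASE there would make the failure effective. PASSPHRASE2 also stays set in the root shell after the check and could be removed with `unset PASSPHRASE2`. Minor: the error text should read "The passphrases do not match. Repeat this script again".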
@ -139,24 +151,12 @@ fi
printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}"
``` ```
## Open the LUKS partition ## Open the LUKS partition
You have to opened the LUKS partition here for the subsequent tasks. To open it, the script asks you type the passphrase. You have to opened the LUKS partition here for the subsequent tasks.
For the first distribution to install, I recommend you to type the passphrase to open the partition, because
you might create the partition and encrypted it this time. The encryption was done with your passphrase you set to the
PASSPHRASE variable. So, this is the last chance whether you set the passphrase correctly or not.
```bash
# Open the created crypt partition. To be sure, input the passphrase manually
cryptsetup open "${DEV}${CRYPTPARTITION}" ${CRYPTPARTNAME}
```
For the second, third, ... distribution to install, I recommend you to feed the passphrase from PASSPHRASE
variable automatically. The partition was encrypted in past. So, the this is the chance to check whether
the passphrase in the PASSPHRASE variable is correct or not.
```bash ```bash
# Open the created crypt partition. To be sure, input the passphrase manually # Open the created crypt partition. To be sure, input the passphrase manually
printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" ${CRYPTPARTNAME} printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" ${CRYPTPARTNAME}
```
If everything is done successfully, you will see the LUKS volume under /dev/mapper
```bash
# Check whether successful open. If mapped, it is successful. # Check whether successful open. If mapped, it is successful.
ls -l /dev/mapper ls -l /dev/mapper
``` ```
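Review bot: the comment kept above the remaining command, "# Open the created crypt partition. To be sure, input the passphrase manually", no longer matches what the block does, since the only open command left is `printf %s "${PASSPHRASE}" | cryptsetup open -d - ...`, which feeds the passphrase from the variable. Reword it to say the passphrase comes from PASSPHRASE. With the manual-entry variant removed, the double entry in the "Input Passphrase" section is the only guard on a first install, so this change depends on that comparison being correct. `${CRYPTPARTNAME}` is unquoted while the device argument is quoted; quote it for consistency. The remaining sentence "You have to opened the LUKS partition" should read "You have to open".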
@ -204,10 +204,13 @@ As noted above, do not reboot. Click "Continue Testing". If you reboot at here,
## Mount the target file system ## Mount the target file system
After Ubiquity finish the installation, mount the target directories and chroot to that. After Ubiquity finish the installation, mount the target directories and chroot to that.
```bash ```bash
# Mount the volume and change root
# /target is created by the Ubiquity installer # /target is created by the Ubiquity installer
mount /dev/mapper/${VGNAME}-${LVROOT} /target mount /dev/mapper/${VGNAME}-${LVROOT} /target
# And mount other directories
for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "/target/$n"; done for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "/target/$n"; done
# Change root
chroot /target /bin/bash chroot /target /bin/bash
``` ```
## Add auto decryption to the target kernel ## Add auto decryption to the target kernel
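Review bot: the new comment "# And mount other directories" sits above a loop whose list includes `etc/resolv.conf`, which is a file, so "directories" is slightly off; something like "Bind-mount proc, sys, dev and resolv.conf into the target" describes the line more exactly. The heading comment "# Mount the volume and change root" is immediately followed by a second comment about /target, so the two could be merged. `/dev/mapper/${VGNAME}-${LVROOT}` is unquoted while the loop on the next command quotes its paths.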