Preservation/kaiten-yaki
1
0
Fork 0
mirror of https://github.com/suikan4github/kaiten-yaki.git synced 2025-12-20 02:21:17 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added void unified script

Browse source
This commit is contained in:
Suikan 2021-06-30 23:03:30 +09:00
parent a8dd34d222
commit 4d0f926ee4
10 changed files with 450 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

17
README.md
View file

@ -1,4 +1,4 @@
# Yet another Full Disk Encryption for GRUB/Linux
# Kaiten-yaki : Yet another Full Disk Encryption for GRUB/Linux
Helpful scripts of the full disk encryption for the Linux distribution
This is a script correction to help the installation of Linux distribution with the full disc encryption. Followings are the list of functionality.
@ -26,12 +26,21 @@ These scripts are tested with following environment.
- VMWare Workstation 15.5.7 ( EFI/BIOS )
- Ubuntu 20.04.2 amd64 desktop
- Ubuntu Mate 20.04.2 amd64 desktop
- void-live-x86_64-20210218-mate.iso
- void-live-x86_64-musl-20210218-mate.iso
# Preparation
Stat the PC with the LiveCD/LiveUSB of the distribution to install. Download this repository from github, and expand it.
Start the PC with the LiveCD/LiveUSB of the distribution to install. Download this repository from github, and expand it.
# Installation
- Ubuntu : Go to the ubuntu sub-directory and follow the procedure in the [INSTALL-ubuntu.md](INSTALL-ubuntu.md)
Go to script directory and follow the procedure in the [INSTALL.md](INSTALL.md)
# Known issues
If you install two ore more Void Linux in to the EFI system, only the last one can boot without trouble. This is not the problem of Kaiten-yaki.
# Acknowledgments
These scripts are based on the script shared on the [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint and techniques around the encrypted volume and Ubiquity installer.
These scripts are based on the script shared on the [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint and techniques around the encrypted volume and Ubiquity installer.
# Kaiten-yaki
![](image/i-like-kaiten-yaki.jpg)

113
archive/INSTALL-ubuntu.md
View file

@ -1,113 +0,0 @@
# Ubuntu 20.04LTS installation into the LVM on the LUKS volume
Installation requires 3 scripts.
- 1-pre-install.sh
- 2-para-install.sh
- 3-post-install.sh
Each script have to be executed as sourced style. For example :
```shell
source 1-pre-install.sh
```
If you execute these script as independent command style, it will show an error message and terminate immediately.
The first step has parameter configuration, erasing disk, format partition, and encryption. This is most critical stage of the entire installation. You have to finish this stage before invoking Ubiquity installer.
The timing of the 2nd step is little bit difficult. You have to execute this script after the Ubiquity installer starts to copy the file, and before the Ubiquity installer finishes.
The third stage is easy. There is nothing user can do. Everything is automatic.
# Preparation
# Installation
Follow the steps below.
## Configuration parameters
This is very critical part of the installation. The configuration parameters are located in the top of the 1-pre-install.sh. Edit these parameter before installation. Following is a set of the default parameters for the configuration of :
- Install to **/dev/sda** (DEV).
- Erase entire disk (ERASEALL).
- In case of EFI firmware, 100MB is allocated to the EFI partition (EFISIZE).
- Create a logical volume group named "vg1" in the encrypted volume (VGNAME)
- Create a swap logical volume named "swap" in the "vg1". The size is 8GB (LVSWAPNAME,LVSWAPSIZE)
- Create a logical volume named **"ubuntu"** for / in the "vg1". The size of the **50%** of the entire free space (LVROOTNAME, LVROOTSIZE).
```bash
# Storage device to install the linux.
export DEV="/dev/sda"
# Whether you want to erase all contents of the storage device or not.
# 1 : Yes, I want to erase all.
# 0 : No, I don't. I want to add to the existing LUKS volume.
export ERASEALL=1
# Logical Volume name for your Linux installation. Keep it unique from other distribution.
export LVROOTNAME="ubuntu"
# Logical volume size of the Linux installation.
# 30% mean, new logical volume will use 30% of the free space in the LVM volume group.
# For example, assume the free space is 100GB, and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume.
export LVROOTSIZE="50%FREE"
# Set the size of EFI partition and swap partition. The unit is Byte. you can use M,G... notation.
export EFISIZE="100M"
export LVSWAPSIZE="8G"
# Usually, these names can be left untouched.
# If you change, keep them consistent through all instllation in your system.
export CRYPTPARTNAME="luks_volume"
export VGNAME="vg1"
export LVSWAPNAME="swap"
```
There are several restrictions :
- For the first distribution installation, you must set ERASEALL to 1, to erase entire screen and create a LUKS partition. YaFDE script create a maximum LUKS partition as possible.
- The LVROOMNAME must be unique among all installation in a computer. Otherwise, the installer terminate at a middle.
- The LVSWAPNAME must be unique among all installation in a computer. Otherwise, the installer create an unnecessary logical volume. This is waste of storage resource.
- The EFISIZE and the LVSWAPSIZE are refereed during the first distribution installation.
- The LVROOTSIZE is the size of a logical volume to create. This is a relative value to the existing free space in the volume group. If you want to install 3 distributions in a computer, you may want to set 33%FREE, 50%FREE, and 100%FREE for the first, second, and third distribution installation, respectively.
## Preparation of shell window
First of all, promote the shell to root. Almost of the procedure requires root privilege. Not that the scripts requires Bash.
```bash
# Promote to the root user
sudo -i
```
## The first script
After you set the configuration parameters correctly, execute the following command from the shell. Again, you have to be promoted as root user, and you have to use Bash.
```bash
source 1-pre-install.sh
```
After the several interactive confirmation, script will as you input the passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrase between all distribution installation in a computer. Otherwise, install process terminates with error.
## Run the Ubiquity installer
After the first script finishes, open the Ubiquity installer, configure and run it. Ensure you map the followings correctly.
Host Volume | Target Directory | Comment
-----------------------|------------------|---------------------------------------------------------------
/dev/sda1 | /boot/efi | BIOS system doesn't need this mapping
/dev/mapper/vg1-ubuntu | / | Host volume name is up to your configuration parameter.
/dev/mapper/swap | swap | Only the first distribution installation requires this mapping.
C A U T I O N : After the Ubiquity installer starts the file copy, execute 2nd step script quickly before the installer finishes.
![Partitioning](../image/ubuntu_partitioning.png)
## The second script
Run the following script on the shell window, during the Ubiquity runs. Otherwise, Ubiquity fails at the end of installation. If you run this script too early, it terminates with error message. This is safe. Run it again later ( but before Ubiquity finish).
C A U T I O N : Do not reboot at the end of Ubiquity installation. Click "continue".
```bash
source 2-para-install.sh
```
![Installing](../image/ubuntu_installing.png)
## Click continue
As explained above, do not reboot. Click "Continue Testing". If you reboot at here, system will ask you the passphrase twice.
![Installing](../image/ubuntu_done.png)
## The third script
After Ubiquity finish the installation, run the 3rd script. This is fully automatic. There is nothing you have to do.
```bash
source post-install.sh
```
You can reboot after the script finishes.

BIN
image/i-like-kaiten-yaki.jpg Executable file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
image/ubuntu_installing.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 330 KiB

BIN
image/void_done.png Executable file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
image/void_partitioning.png Executable file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 48 KiB

123
script/INSTALL.md Normal file
View file

@ -0,0 +1,123 @@
# Ubuntu/Void-Linux installation into the LVM on the LUKS volume
Installation requires mainly 2 steps.
- Configure the parameters in config.sh.
- Run the kaiten-yaki script
Each script have to be executed as sourced style. For example :
```shell
source ubuntu-kaiten-yaki.sh
```
If you execute these script as independent command style, it will show an error message and terminate the process immediately.
The first stage of the script is preparation like : erasing disk, format partition, and encryption. This is most critical stage of the entire installation process. This part is controlled by the configuration parameter. Thus, you have to edit the config.txt carefully.
In the second stage, the distribution dependent installer is invoked. That is the Ubiquity of Ubuntu and the void-installer of Void linux.
The third stage is easy. There is nothing user can do. Everything is automatic.
# Installation
Follow the steps below.
## Configuration parameters
This is very critical part of the installation. The configuration parameters are in the top of the config.sh. Edit these parameters before the installation.
Followings are set of the default settings of the parameters :
- Install to **/dev/sda** (DEV).
- Erase entire disk (ERASEALL).
- In case of EFI firmware, 200MB is allocated to the EFI partition (EFISIZE).
- Create a logical volume group named "vg1" in the encrypted volume (VGNAME)
- Create a swap logical volume named "swap" in the "vg1". The size is 8GB (LVSWAPNAME,LVSWAPSIZE)
- Create a logical volume named **"anko"** for / in the "vg1". The size of the **50%** of the entire free space (LVROOTNAME, LVROOTSIZE).
```bash
# Storage device to install the linux.
export DEV="/dev/sda"
# Whether you want to erase all contents of the storage device or not.
# 1 : Yes, I want to erase all.
# 0 : No, I don't. I want to add to the existing LUKS volume.
export ERASEALL=1
# Logical Volume name for your Linux installation. Keep it unique from other distribution.
export LVROOTNAME="ubuntu"
# Logical volume size of the Linux installation.
# 30% mean, new logical volume will use 30% of the free space in the LVM volume group.
# For example, assume the free space is 100GB, and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume.
export LVROOTSIZE="50%FREE"
# Set the size of EFI partition and swap partition. The unit is Byte. you can use M,G... notation.
export EFISIZE="100M"
export LVSWAPSIZE="8G"
# Usually, these names can be left untouched.
# If you change, keep them consistent through all instllation in your system.
export CRYPTPARTNAME="luks_volume"
export VGNAME="vg1"
export LVSWAPNAME="swap"
# Void Linux only. Ignored in Ubuntu.
# The font size of the void-installer
export XTERMFONTSIZE=11
```
There are several restrictions :
- For the first distribution installation, you must set ERASEALL to 1, to erase entire screen and create a LUKS partition. Kaiten-yaki script creates a maximum LUKS partition as possible.
- The LVROOMNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki terminate at a middle.
- The LVSWAPNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is waste of storage resource.
- The EFISIZE and the LVSWAPSIZE are refereed during the first distribution installation only.
- The LVROOTSIZE is the size of a logical volume to create. This is a relative value to the existing free space in the volume group. If you want to install 3 distributions in a computer, you may want to set 33%FREE, 50%FREE, and 100%FREE for the first, second, and third distribution installation, respectively.
## Shell preparation
First of all, promote the shell to root. Almost of the procedure requires root privilege. Note that the scripts requires Bash.
In case of Ubuntu :
```bash
# Promote to the root user
sudo -i
```
In case of Void-Linux :
```bash
sudo -i
bash
xbps-install -Su xbps nano
```
The nano is editor package to configure the config.txt. The editor choice is up to you. Kaiten-yaki scripts doesn't use editor.
Then, edit the config.txt as explained above.
## First stage : Setting up the volumes
After you set the configuration parameters correctly, execute the following command from the shell. Again, you have to be promoted as root user, and you have to use Bash.
In case of Ubuntu :
```bash
source ubuntu-kaiten-yaki.sh
```
In case of Void Linux
```bash
source void-kaiten-yaki.sh
```
After the several interactive confirmations, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrase between all installation of the distributions in a computer. Otherwise, install process terminates with error.
## Second stage : GUI/TUI installer
After the first script finishes, the GUI/TUI installer starts automatically. Configure it as usual and run it. Ensure you map the followings correctly.
Host Volume | Target Directory | Comment
-----------------------|------------------|---------------------------------------------------------------
/dev/sda1 | /boot/efi | BIOS system doesn't need this mapping
/dev/mapper/vg1-ubuntu | / | Host volume name is up to your configuration parameter.
/dev/mapper/swap | swap | Only the first distribution installation requires this mapping.
During the GUI/TUI installer copying files, Kaiten-yaki modifies the /etc/default/grub of target system. This is pretty dirty way. If we don't modify this file, GUI/TUI installer fails at last.
![Ubuntu Partitioning](../image/ubuntu_partitioning.png)
![Void Partitioning](../image/void_partitioning.png)
## Do not reboot
At the end of the GUI/TUI installing, do not reboot the system. Click "Continue" and just exit the GUI/TUI installer without rebooting. Otherwise, we cannot finalize the entire installation process.
![Ubuntu done](../image/ubuntu_done.png)
![Void done](../image/void_done.png)
## Third stage : Finalizing
After GUI/TUI installer window is closed, final part of the install process automatically starts. You can reboot the system, if you see the completion message on the console.

2
script/config.sh
View file

@ -17,7 +17,7 @@ export LVROOTNAME="anko"
export LVROOTSIZE="50%FREE"
# Set the size of EFI partition and swap partition. The unit is Byte. you can use M,G... notation.
export EFISIZE="100M"
export EFISIZE="200M"
export LVSWAPSIZE="8G"
# Usually, these names can be left untouched.

27
script/ubuntu-kaiten-yaki.sh
View file

@ -6,7 +6,7 @@ if [ $sourced -eq 0 ] ; then
cat <<HEREDOC 1>&2
***** ERROR : Must execute as source *****
Execute as following :
source 1-pre-install.sh
source ubuntu-kaiten-yaki.sh
Installation terminated.
HEREDOC
@ -28,7 +28,7 @@ if [ $? -eq 1 ] ; then # "Ubuntu" is not found in the OS name.
cat <<HEREDOC
*******************************************************************************
This system seems to be not Void Linux, while this script is dediated to the Void Linux.
Are you sure you want to run this script for installation? [Y/N]
Are you sure you want to run this script? [Y/N]
HEREDOC
read YESNO
if [ ${YESNO} != "Y" -a ${YESNO} != "y" ] ; then
@ -42,7 +42,11 @@ HEREDOC
fi # "Ubuntu" is not found in the OS name.
# For surre ask the config.sh is edited
echo "Are you ready to install? The destination logical volume label is \"${LVROOTNAME}\" [Y/N]"
cat <<HEREDOC
The destination logical volume label is \"${LVROOTNAME}\"
\"${LVROOTNAME}\" uses ${LVROOTSIZE} of the LVM volume group.
Are you ready to install? [Y/N]
HEREDOC
read YESNO
if [ ${YESNO} != "Y" -a ${YESNO} != "y" ] ; then
cat <<HEREDOC 1>&2
@ -194,7 +198,7 @@ Host Volume | Target Directory | Comment
/dev/mapper/vg1-ubuntu | / | Host volume name is up to your
| | configuration parameter.
/dev/mapper/swap | swap | Only the first distribution
| | installation requires this mapping.
| | requires this mapping.
************************ CAUTION! CAUTION! CAUTION! ****************************
@ -212,7 +216,7 @@ ubiquity &
ubiquity_pid=$!
# While the /etc/default/grub in the install target is NOT existing, keep sleeping.
# If ubiquity terminated without installation, this script also terminates.
# If ubiquity terminated without file copy, this script also terminates.
while [ ! -e /target/etc/default/grub ]
do
sleep 1 # 1sec.
@ -246,19 +250,6 @@ wait $ubiquity_pid
# Post-install stage
# *******************************************************************************
# Varidate whether script is executed as sourced or not
(return 0 2>/dev/null) && sourced=1 || sourced=0
if [ $sourced -eq 0 ] ; then
cat <<HEREDOC 1>&2
***** ERROR : Must execute as source *****
Execute as following :
source 3-post-install.sh
Installation terminated.
HEREDOC
exit # use "exit" instead of "return", if not "sourced" execusion
fi # "sourced" validation
## Mount the target file system
# /target is created by the Ubiquity installer
echo "...Mount /dev/mapper/${VGNAME}-${LVROOTNAME} on /target."

304
script/void-kaiten-yaki.sh Normal file
View file

@ -0,0 +1,304 @@
#!/bin/bash
# Varidate whether script is executed as sourced or not
(return 0 2>/dev/null) && sourced=1 || sourced=0
if [ $sourced -eq 0 ] ; then
cat <<HEREDOC 1>&2
***** ERROR : Must execute as source *****
Execute as following :
source ubuntu-kaiten-yaki.sh
Installation terminated.
HEREDOC
exit # use "exit" instead of "return", if not "sourced" execusion
fi # "sourced" validation
# Load configuration parameter
source config.sh
# *******************************************************************************
# Confirmation and Passphrase setting
# *******************************************************************************
# Distribution check
uname -a | grep void -i > /dev/null
if [ $? -eq 1 ] ; then # "Void" is not found in the OS name.
echo "*********************************************************************************"
uname -a
cat <<HEREDOC
*********************************************************************************
This system seems to be not Void Linux, while this script is dediated to the Void Linux.
Are you sure you want to run this script for installation? [Y/N]
HEREDOC
read YESNO
if [ ${YESNO} != "Y" -a ${YESNO} != "y" ] ; then
cat <<HEREDOC 1>&2
Installation terminated.
HEREDOC
return
fi # if YES
fi # "Void" is not found in the OS name.
# For surre ask the config.sh is edited
cat <<HEREDOC
The destination logical volume label is \"${LVROOTNAME}\"
\"${LVROOTNAME}\" uses ${LVROOTSIZE} of the LVM volume group.
Are you ready to install? [Y/N]
HEREDOC
read YESNO
if [ ${YESNO} != "Y" -a ${YESNO} != "y" ] ; then
cat <<HEREDOC 1>&2
Installation terminated.
HEREDOC
return
fi # if YES
# For sure ask ready to erase.
if [ ${ERASEALL} -eq 1 ] ; then
echo "Are you sure you want to erase entire ${DEV}? [Y/N]"
read YESNO
if [ ${YESNO} != "Y" -a ${YESNO} != "y" ] ; then
cat <<HEREDOC 1>&2
Check config.sh. The variable ERASEALL is ${ERASEALL}.
Installation terminated.
HEREDOC
return
fi # if YES
fi # if erase all
# ----- Set Passphrase -----
# Input passphrase
echo "Type passphrase for the disk encryption."
read -sr PASSPHRASE
export PASSPHRASE
echo "Type passphrase again, to confirm."
read -sr PASSPHRASE_C
# Validate whether both are indentical or not
if [ ${PASSPHRASE} != ${PASSPHRASE_C} ] ; then
cat <<HEREDOC 1>&2
***** ERROR : Passphrase doesn't match *****
Installation terminated.
HEREDOC
return
fi # passphrase validation
# *******************************************************************************
# Pre-install stage
# *******************************************************************************
# ----- Erase entire disk, create partitions, format them and encrypt the LUKS partition -----
if [ ${ERASEALL} -eq 1 ] ; then
# Assign specified space and rest of disk to the EFI and LUKS partition, respectively.
if [ ${ISEFI} -eq 1 ] ; then
# Zap existing partition table and create new GPT
echo "...Initialize ${DEV} with GPT."
sgdisk --zap-all "${DEV}"
# Create EFI partition and format it
echo "...Create an EFI partition on ${DEV}."
sgdisk --new=${EFIPARTITION}:0:+${EFISIZE} --change-name=${EFIPARTITION}:"EFI System" --typecode=${EFIPARTITION}:ef00 "${DEV}"
echo "...Format the EFI parttion."
mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}"
# Create Linux partition
echo "...Create a Linux partition on ${DEV}."
sgdisk --new=${CRYPTPARTITION}:0:0 --change-name=${CRYPTPARTITION}:"Linux LUKS" --typecode=${CRYPTPARTITION}:8309 "${DEV}"
# Then print them
sgdisk --print "${DEV}"
else
# Zap existing partition table
echo "...Erase partition table of ${DEV}."
dd if=/dev/zero of=${DEV} bs=512 count=1
# Create MBR and allocate max storage for Linux partition
echo "...Create a Linux partition on ${DEV} with MBR."
sfdisk ${DEV} <<HEREDOC
2M,,L
HEREDOC
fi # if EFI firmware
# Encrypt the partition to install Linux
echo "...Initialize ${DEV}${CRYPTPARTITION} as crypt partition"
printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}"
fi # if erase all
# ----- Open the LUKS partition -----
# Open the crypt partition.
echo "...Open a crypt partition ${DEV}${CRYPTPARTITION} as \"${CRYPTPARTNAME}\""
printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" ${CRYPTPARTNAME}
# Check whether successful open. If mapped, it is successful.
if [ ! -e /dev/mapper/${CRYPTPARTNAME} ] ; then
cat <<HEREDOC 1>&2
***** ERROR : Cannot open LUKS volume "${CRYPTPARTNAME}" on ${DEV}${CRYPTPARTITION}. *****
Check passphrase and config.txt
Installation terminated.
HEREDOC
return
fi # if crypt volume is unable to open
# ----- Configure the LVM in LUKS volume -----
# Check volume group ${VGNAME} exist or not
vgdisplay -s ${VGNAME} &> /dev/null
if [ $? -eq 0 ] ; then # is return value 0? ( exist ?)
echo "...Volume group ${VGNAME} already exist. Skipped to create. No problem."
else
echo "...Initialize a physical volume on \"${CRYPTPARTNAME}\""
pvcreate /dev/mapper/${CRYPTPARTNAME}
echo "...And then create Volume group \"${VGNAME}\"."
vgcreate ${VGNAME} /dev/mapper/${CRYPTPARTNAME}
fi # if /dev/volume-groupt not exist
# Create a SWAP Logical Volume on VG, if it doesn't exist
if [ -e /dev/mapper/${VGNAME}-${LVSWAPNAME} ] ; then
echo "...Swap volume already exist. Skipped to create. No problem."
else
echo "...Create logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"."
lvcreate -L ${LVSWAPSIZE} -n ${LVSWAPNAME} ${VGNAME}
fi # if /dev/mapper/swap volume already exit.
# Create a ROOT Logical Volume on VG.
if [ -e /dev/mapper/${VGNAME}-${LVROOTNAME} ] ; then
cat <<HEREDOC 1>&2
***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. *****
Check LVROOTNAME environment variable in config.txt.
Installation terminated.
HEREDOC
return
else
echo "...Create logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"."
lvcreate -l ${LVROOTSIZE} -n ${LVROOTNAME} ${VGNAME}
fi # if the root volun already exist
# *******************************************************************************
# Para-install stage
# *******************************************************************************
cat <<HEREDOC
******************************************************************************
The pre-install process is done. We are ready to install the Linux to the
target storage device. By pressing return key, void-installer
starts.
Please pay attention to the partition mapping configuration. In this
installation, you have to map the previously created partitions/logical
volumes to the appropriate directory of the target system.
Host Volume | Target Directory | Comment
-----------------------|------------------|-----------------------------------
/dev/sda1 | /boot/efi | Only EFI system needs.
/dev/mapper/vg1-ubuntu | / | Host volume name is up to your
| | configuration parameter.
/dev/mapper/swap | swap | Only the first distribution
| | requires this mapping.
************************ CAUTION! CAUTION! CAUTION! ****************************
Make sure to click "NO", when the void-installer ask you to reboot at
the end of installation. Just exit the void-installer wihout reboot.
Type return key to start Ubiquity.
HEREDOC
# waitfor a console input
read dummy_var
# Start GUI installer
xterm -fa monospace -fs ${XTERMFONTSIZE} -e void-installer &
# Record the PID
ubiquity_pid=$!
# While the /etc/default/grub in the install target is NOT existing, keep sleeping.
# If ubiquity terminated without file copy, this script also terminates.
while [ ! -e /mnt/target/etc/default/grub ]
do
sleep 1 # 1sec.
ps $ubiquity_pid > /dev/null # ps return 0 if process exists.
if [ $? -ne 0 ] ; then # If not exists
cat <<HEREDOC 1>&2
The void-installer terminated unexpectedly.
Installation process terminated.
HEREDOC
return
fi
done
# Perhaps, too neuvous. Wait 1 more sectond to avoid the rece condition.
sleep 1 # 1sec.
# Make target GRUB aware to the crypt partition
# This must do it after start of the file copy by void-installer, but before the end of the file copy.
echo "...Add GRUB_ENABLE_CRYPTODISK entry to /mnt/target/etc/default/grub "
echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/target/etc/default/grub
# And then, wait for the end of void-installer process
echo "...Waiting the end of void-installer."
wait $ubiquity_pid
# *******************************************************************************
# Post-install stage
# *******************************************************************************
## Mount the target file system
# /target is created by the Ubiquity installer
echo "...Mount /dev/mapper/${VGNAME}-${LVROOTNAME} on /target."
mount /dev/mapper/${VGNAME}-${LVROOTNAME} /target
# And mount other directories
echo "...Mount all other dirs."
for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "/target/$n"; done
# Change root and create the keyfile and ramfs image for Linux kernel.
echo "...Chroot to /target."
cat <<HEREDOC | chroot /target /bin/bash
# Mount the rest of partitions by target /etc/fstab
mount -a
# Set up the kernel hook of encryption
echo "...Install cryptsetup-initramfs package."
apt -qq install -y cryptsetup-initramfs
echo "...Register key file to the ramfs"
echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
# Prepare a key file to embed in to the ramfs.
echo "...Prepair key file."
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
chmod u=rx,go-rwx /etc/luks
chmod u=r,go-rwx /etc/luks/boot_os.keyfile
# Add a key to the key file. Use the passphrase in the environment variable.
echo "...Add a key to the key file."
printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
echo "...Add LUKS volume info to /etc/crypttab."
echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
# Finally, update the ramfs initial image with the key file.
echo "...Upadte initramfs."
update-initramfs -uk all
# Leave chroot
exit
HEREDOC
# Finishing message
cat <<HEREDOC
****************** Post-install process finished ******************
...Ready to reboot.
HEREDOC