From 5bba11567e7d63f1ee0f7fcaad7b326138fed316 Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Mon, 28 Jun 2021 23:07:39 +0900
Subject: [PATCH] Add scripts
---
ubuntu/1-pre-install.sh | 111 +++++++++++++++++++++++++++++++++++++++
ubuntu/2-para-install.sh | 29 ++++++++++
ubuntu/3-post-install.sh | 53 +++++++++++++++++++
ubuntu/config.sh | 45 ++++++++++++++++
4 files changed, 238 insertions(+)
create mode 100644 ubuntu/1-pre-install.sh
create mode 100644 ubuntu/2-para-install.sh
create mode 100644 ubuntu/3-post-install.sh
create mode 100644 ubuntu/config.sh
diff --git a/ubuntu/1-pre-install.sh b/ubuntu/1-pre-install.sh
new file mode 100644
index 0000000..a7aa411
--- /dev/null
+++ b/ubuntu/1-pre-install.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Varidate whether script is executed as sourced or not
+(return 0 2>/dev/null) && sourced=1 || sourced=0
+if [ $sourced -eq 0 ] ; then
+ cat <&2
+***** ERROR : Must execute as source *****
+Execute as following :
+source 1-pre-install.sh
+
+Installation terminates.
+HEREDOC
+ exit
+fi
+
+
+# ----- Set Passphrase -----
+# Input passphrase
+echo "Type passphrase for the disk encryption."
+read -sr PASSPHRASE
+
+echo "Type passphrase again, to confirm."
+read -sr PASSPHRASE_C
+
+# Validate whether both are indentical or not
+if [ ${PASSPHRASE} = ${PASSPHRASE_C} ] ; then
+ export PASSPHRASE
+else
+ cat <&2
+***** ERROR : Passphrase doesn't match *****
+Installation terminates.
+HEREDOC
+ return
+fi
+
+# ----- Configuration Parameter -----
+# Load the configuration parameter
+source config.sh
+
+# ----- Format the disk and encrypt the LUKS partition -----
+if [ ${ERASEALL} -eq 1 ] ; then
+# Optional : Create partitions for in the physical disk.
+# Assign specified space and rest of disk to the EFI and LUKS partition, respectively.
+ if [ ${ISEFI} -eq 1 ] ; then
+ # Zap existing partition table and create new GPT
+ sgdisk --zap-all "${DEV}"
+ # Create EFI partition and format it
+ sgdisk --new=${EFIPARTITION}:0:+${EFISIZE} --change-name=${EFIPARTITION}:"EFI System" --typecode=${EFIPARTITION}:ef00 "${DEV}"
+ mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}"
+ # Create Linux partition
+ sgdisk --new=${CRYPTPARTITION}:0:0 --change-name=${CRYPTPARTITION}:"Linux LUKS" --typecode=${CRYPTPARTITION}:8309 "${DEV}"
+ # Then print them
+ sgdisk --print "${DEV}"
+ else
+ # Zap existing partition table
+ dd if=/dev/zero of=${DEV} bs=512 count=1
+ # Create MBR and allocate max storage for Linux partition
+ sfdisk ${DEV} <&2
+***** ERROR : Cannot open LUKS volume ${CRYPTPARTNAME} on ${DEV}${CRYPTPARTITION}. *****
+Check the passphrase
+
+Installation terminates.
+HEREDOC
+ return
+fi
+
+# ----- Configure the LVM in LUKS volume -----
+# The swap volume and / volume is created here, based on the given parameters.
+# Create a Physical Volume and Volume Group.
+pvcreate /dev/mapper/${CRYPTPARTNAME}
+vgcreate ${VGNAME} /dev/mapper/${CRYPTPARTNAME}
+
+# Create a SWAP Logical Volume on VG, if it doesn't exist
+if [ ! -d /dev/mapper/${VGNAME}-${LVSWAPNAME} ] ; then
+ lvcreate -L ${LVSWAPSIZE} -n ${LVSWAPNAME} ${VGNAME}
+else
+ echo "Swap volume already exist. Skipped to create" 1>&2
+fi
+
+# Create a ROOT Logical Volume on VG.
+if [ ! -d /dev/mapper/${VGNAME}-${LVROOTNAME} ] ; then
+ lvcreate -l ${LVROOTSIZE} -n ${LVROOTNAME} ${VGNAME}
+else
+ cat <&2
+***** ERROR : Logical volume ${VGNAME}-${LVROOTNAME} already exists. *****
+Check LVROOTNAME environment variable.
+
+Installation terminates.
+HEREDOC
+ return
+fi
+
+
diff --git a/ubuntu/2-para-install.sh b/ubuntu/2-para-install.sh
new file mode 100644
index 0000000..429e9c5
--- /dev/null
+++ b/ubuntu/2-para-install.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Varidate whether script is executed as sourced or not
+(return 0 2>/dev/null) && sourced=1 || sourced=0
+if [ $sourced -eq 0 ] ; then
+ cat <&2
+***** ERROR : Must execute as source *****
+Execute as following :
+source 2-para-install.sh
+
+Installation terminates.
+HEREDOC
+ exit
+fi
+
+
+# Check whether grub configuration file is ready to write
+if [ ! -d /target/etc/default/grub ] ; then
+ cat <&2
+***** ERROR : The /target/etc/default/grub is not ready. *****
+Perhaps, to early to execute this script.
+
+Installation terminates.
+HEREDOC
+ return
+fi
+
+# Make target GRUB aware to the crypt partition
+echo "GRUB_ENABLE_CRYPTODISK=y" >> /target/etc/default/grub
diff --git a/ubuntu/3-post-install.sh b/ubuntu/3-post-install.sh
new file mode 100644
index 0000000..da4f754
--- /dev/null
+++ b/ubuntu/3-post-install.sh
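Review bot: The confirmation test `if [ ${PASSPHRASE} = ${PASSPHRASE_C} ]` in 1-pre-install.sh expands both passphrases unquoted, so a matching passphrase that contains spaces is rejected as a mismatch, while two empty entries pass as a match. It should read `if [ -n "${PASSPHRASE}" ] && [ "${PASSPHRASE}" = "${PASSPHRASE_C}" ] ; then`, and the two `read -sr` calls would keep leading and trailing blanks if written as `IFS= read -sr`. `PASSPHRASE_C` is never cleared, so `unset PASSPHRASE_C` right after the comparison would narrow where the secret lives. The here-document openers and the lines following `sfdisk ${DEV}` are garbled on this page, so the LUKS format and open steps could not be reviewed.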
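Review bot: The readiness check `if [ ! -d /target/etc/default/grub ]` in 2-para-install.sh tests for a directory, but the last line of the hunk appends to that same path as a file, so the test stays true even when the file exists and the script always stops with the "not ready" error; use `if [ ! -f /target/etc/default/grub ] ; then`. The same `-d` operator guards both `lvcreate` calls on `/dev/mapper/${VGNAME}-...` in 1-pre-install.sh, where the nodes are presumably not directories either, so the "already exists" branches look unreachable and `-e` would fit better. The final `echo ... >>` is not idempotent: a second run appends a duplicate `GRUB_ENABLE_CRYPTODISK=y` line, which a `grep -q` guard on that string would avoid.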
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Varidate whether script is executed as sourced or not
+(return 0 2>/dev/null) && sourced=1 || sourced=0
+if [ $sourced -eq 0 ] ; then
+ cat <&2
+***** ERROR : Must execute as source *****
+Execute as following :
+source 3-post-install.sh
+
+Installation terminates.
+HEREDOC
+ exit
+fi
+
+## Mount the target file system
+# /target is created by the Ubiquity installer
+mount /dev/mapper/${VGNAME}-${LVROOTNAME} /target
+
+# And mount other directories
+for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "/target/$n"; done
+
+# Change root
+cat <> /etc/cryptsetup-initramfs/conf-hook
+echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
+
+# Prepare a key file to embed in to the ramfs.
+mkdir /etc/luks
+dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1
+chmod u=rx,go-rwx /etc/luks
+chmod u=r,go-rwx /etc/luks/boot_os.keyfile
+
+# Add a key to the key file. Use the passphrase in the environment variable.
+printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
+
+# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
+echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
+
+# Finally, update the ramfs initial image with the key file.
+update-initramfs -uk all
+
+# Leave chroot
+exit
+HEREDOC
+
+echo "Install finished. Ready to reboot."
\ No newline at end of file
diff --git a/ubuntu/config.sh b/ubuntu/config.sh
new file mode 100644
index 0000000..203eca5
--- /dev/null
+++ b/ubuntu/config.sh
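Review bot: `printf %s "${PASSPHRASE}"` sits inside the here-document fed to the chroot shell, and if that here-document's delimiter is unquoted (its opening line is garbled on this page, so this is inferred), the passphrase is pasted into the script text before the inner shell parses it. A passphrase containing `"`, `$`, a backquote or a backslash would then be re-interpreted by that shell, producing a different key or running unintended commands. Quoting the delimiter and letting the inner shell expand the variables from its environment avoids this; config.sh exports `PASSPHRASE`, `DEV`, `CRYPTPARTITION` and `CRYPTPARTNAME`, so they would reach the chroot as long as the same session is used. The key file is created before its mode is restricted, so a `umask 077` line ahead of `mkdir /etc/luks` closes that window. Adding `unset PASSPHRASE` after the closing `HEREDOC` stops the secret lingering in the calling shell.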
@@ -0,0 +1,45 @@
+# Storage device to install the linux.
+export DEV="/dev/sda"
+
+# Whether you want to erase all contents of the storage device or not.
+# 1 : Yes, I want to erase all.
+# 2 : No, I want to add to the existing Linux distributions.
+export ERASEALL=1
+
+# Logical Volume name for your Linux installation. Keep it unique from other distribution.
+export LVROOTNAME="ubuntu"
+
+# Logical volume size of the Linux installation.
+# 50% mean, new logical volume will use 50% of the free space in the LVM volume group.
+export LVROOTSIZE="50%FREE"
+
+# Set the size of EFI partition and swap partition. The unit is Byte. you can use M,G... notation.
+export EFISIZE="100M"
+export LVSWAPSIZE="8G"
+
+# Usually, these names can be left untouched.
+export CRYPTPARTNAME="luks_volume"
+export VGNAME="vg1"
+export LVSWAPNAME="swap"
+
+# DO NOT touch following lines.
+
+# export to share with entire script
+export PASSPHRASE
+
+# Detect firmware type. 1 : EFI, 0 : BIOS
+if [ -d /sys/firmware/efi ]; then
+export ISEFI=1
+else
+export ISEFI=0
+fi
+
+# Set partition number based on the firmware type
+if [ ${ISEFI} -eq 1 ] ; then
+# EFI system
+export EFIPARTITION=1
+export CRYPTPARTITION=2
+else
+# BIOS system
+export CRYPTPARTITION=1
+fi
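Review bot: The shipped defaults `export DEV="/dev/sda"` and `export ERASEALL=1` make erasing `/dev/sda` the out-of-the-box behaviour, because 1-pre-install.sh zaps the partition table of `${DEV}` without asking; shipping `export ERASEALL=0` would make the destructive path opt-in. The comment documents `2 : No` while the scripts only test `-eq 1` and `ISEFI` uses 0/1, so `# 0 : No, I want to add to the existing Linux distributions.` would be consistent. The other scripts build partition paths as `"${DEV}${CRYPTPARTITION}"`, which does not match devices whose partition names carry a `p` separator (NVMe, for example). A comment next to `DEV` stating that it must be a disk with plain numeric partition suffixes would save a failed run.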