diff --git a/CHANGELOG.md b/CHANGELOG.md index ec8b588..221ac3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Record of the modification in project development. - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) +- [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11) ### Deprecated ### Removed diff --git a/INSTALL.md b/INSTALL.md index 5954a89..bdc6685 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -32,8 +32,11 @@ xbps-install -Su xbps nano ``` The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor. -Then, edit the config.txt. - +And then, go to the kaiten-yaki/script directory. +```bash +cd /the/downloaded/directory/kaiten-yaki/script +``` +Now, ready to configure. ## Configuration parameters This is a very critical part of the installation. The configuration parameters are in the config.sh. Edit these parameters before the installation. diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh new file mode 100644 index 0000000..ed16912 --- /dev/null +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
+# shellcheck disable=SC1091
+source config.sh
+
+# Create a key file for LUKS and register it as contents of the initramfs image
+function chrooted_job() {
+ # Mount the rest of partitions by target /etc/fstab
+ mount -a
+
+ # Set up the kernel hook of encryption
+ echo "...Installing cryptsetup-initramfs package."
+ apt -qq install -y cryptsetup-initramfs
+
+ # Prepare a key file to embed in to the ramfs.
+ echo "...Prepairing key file."
+ mkdir /etc/luks
+ dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
+ chmod u=rx,go-rwx /etc/luks
+ chmod u=r,go-rwx /etc/luks/boot_os.keyfile
+
+ # Add a key to the key file. Use the passphrase in the environment variable.
+ echo "...Adding a key to the key file."
+ printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
+
+ # Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
+ echo "...Adding LUKS volume info to /etc/crypttab."
+ echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
+
+ # Putting key file into the ramfs initial image
+ echo "...Registering key file to the ramfs"
+ echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
+ echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
+
+ # Finally, update the ramfs initial image with the key file.
+ echo "...Upadting initramfs."
+ update-initramfs -uk all
+
+ # Leave chroot
+}
+
+# Execute job
+chrooted_job
diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh
new file mode 100644
index 0000000..ee58369
--- /dev/null
+++ b/script/lib/chrooted_job_void.sh
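Review bot: In `chrooted_job` of script/lib/chrooted_job_ubuntu.sh no step checks its exit status, so when `cryptsetup luksAddKey` fails (for example if `PASSPHRASE` is not set inside the chroot) the function still appends the keyfile entry to `/etc/crypttab` and rebuilds the initramfs around a key that unlocks nothing. Stop at the first failure, e.g. `printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile || return 1`, and treat `mkdir` and `dd` the same way. The keyfile is also written by `dd` under the inherited umask and only restricted by the later `chmod`; a `umask 077` placed before `mkdir /etc/luks` keeps it private from the moment it is created. Both points apply equally to script/lib/chrooted_job_void.sh.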
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
+# shellcheck disable=SC1091
+source config.sh
+
+# Create a key file for LUKS and register it as contents of the initramfs image
+function chrooted_job() {
+ # Mount the rest of partitions by target /etc/fstab
+ mount -a
+
+ # Set up the kernel hook of encryption
+ echo "...Installing cryptsetup-initramfs package."
+ xbps-install -y lvm2 cryptsetup
+
+ # Prepare a key file to embed in to the ramfs.
+ echo "...Prepairing key file."
+ mkdir /etc/luks
+ dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
+ chmod u=rx,go-rwx /etc/luks
+ chmod u=r,go-rwx /etc/luks/boot_os.keyfile
+
+ # Add a key to the key file. Use the passphrase in the environment variable.
+ echo "...Adding a key to the key file."
+ printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
+
+ # Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
+ echo "...Adding LUKS volume info to /etc/crypttab."
+ echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
+
+ # Putting key file into the ramfs initial image
+ echo "...Registering key file to the ramfs"
+ echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf
+
+ # Finally, update the ramfs initial image with the key file.
+ echo "...Upadting initramfs."
+ xbps-reconfigure -fa
+ echo "...grub-mkconfig."
+ grub-mkconfig -o /boot/grub/grub.cfg
+
+ # Leave chroot
+}
+
+# Execute job
+chrooted_job
diff --git a/script/lib.sh b/script/lib/common.sh
similarity index 88%
rename from script/lib.sh
rename to script/lib/common.sh
index 82b0ffc..11c3fbd 100644
--- a/script/lib.sh
+++ b/script/lib/common.sh
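Review bot: In script/lib/chrooted_job_void.sh the progress message `echo "...Installing cryptsetup-initramfs package."` does not match the command that follows it, `xbps-install -y lvm2 cryptsetup`; the text appears to be carried over from the Ubuntu variant. An install log that names the wrong package misleads whoever has to diagnose a failed run, so the message should read something like `echo "...Installing lvm2 and cryptsetup packages."`.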
@@ -124,7 +124,7 @@ function confirmation(){ # ******************************************************************************* -# Pre-install stage +# Common Pre-install stage # ******************************************************************************* function pre_install() { 
@@ -283,6 +283,53 @@ function para_install_msg() { return 0 } + +# ******************************************************************************* +# Common post-install stage +# ******************************************************************************* +# In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB +function post_install() { + ## Mount the target file system + # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer + echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." + mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" + + # And mount other directories + echo "...Mounting all other dirs." + for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done + + # Copy all scripts to the target /tmp + echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." + mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" + cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" + + # Change root and create the keyfile and ramfs image for Linux kernel. + # The here document is script executed under chroot. And here we call + # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh". + echo "...Chroot to ${TARGETMOUNTPOINT}." + # shellcheck disable=SC2086 + cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash + cd /tmp/kaiten-yaki + # Execute copied script + source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" + HEREDOC + + # Unmount all + echo "...Unmounting all." + umount -R "${TARGETMOUNTPOINT}" + + # Finishing message + cat <<- HEREDOC + ****************** Post-install process finished ****************** + + ...Ready to reboot. + HEREDOC + + return 0 + +} # End of post_install_local() + + # ******************************************************************************* # Deactivate all LV in the VG and close LUKS volume # ******************************************************************************* 
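Review bot: `post_install` ignores the exit status of the chrooted job: the `cat <<- HEREDOC | chroot ...` pipeline is followed unconditionally by the unmount, the "Ready to reboot" banner and `return 0`, so a failed keyfile or initramfs step is reported as success. Capture the status of `chroot`, unmount regardless, and return non-zero when it failed, as sketched below; passing the distribution name as an argument to `bash -c` also keeps it out of the generated script text. Separately, because `tmp` is now in the `--rbind` list, `${TARGETMOUNTPOINT}/tmp/kaiten-yaki` is a fixed name inside the live system's `/tmp`: the `mkdir` result is unchecked and the copied scripts (including `config.sh`) are never removed, so check `mkdir` and delete the directory once the chroot returns. The comment above the function names `TARGETCHROOTEDJOB` while the code reads `DISTRIBUTIONSIGNATURE`, and the closing comment still says `post_install_local()`.

```shell
  # … unchanged: mount target root, rbind mounts, copy scripts to ${TARGETMOUNTPOINT}/tmp/kaiten-yaki …

  echo "...Chroot to ${TARGETMOUNTPOINT}."
  local chroot_status=0
  # The distribution name is passed as $1 instead of being expanded into the script text.
  chroot "${TARGETMOUNTPOINT}" /bin/bash -c \
    'cd /tmp/kaiten-yaki && source "lib/chrooted_job_$1.sh"' _ "${DISTRIBUTIONSIGNATURE}" \
    || chroot_status=$?

  # Unmount all, whether or not the chrooted job succeeded
  echo "...Unmounting all."
  umount -R "${TARGETMOUNTPOINT}"

  if [[ ${chroot_status} -ne 0 ]]; then
    echo "***** ERROR : chrooted job failed with status ${chroot_status}. *****" >&2
    return 1
  fi

  # … unchanged: finishing message, return 0 …
```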
diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index a18aa8f..96ace9b 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh @@ -5,14 +5,13 @@ source ./config.sh # Load common functions - source ./lib.sh + source ./lib/common.sh function main() { # This is the mount point of the install target. export TARGETMOUNTPOINT="/target" - # ******************************************************************************* # Confirmation before installation # ******************************************************************************* @@ -54,8 +53,9 @@ function main() { # Post-install stage # ******************************************************************************* - # Distribution dependent finalizing. Embedd encryption key into the ramfs image. - post_install_local + # Distribution dependent finalizing. Embedd encryption key into the ramfs image. + # The script is parameterized by env-variable to fit to the distribution + post_install # Normal end return 0 
@@ -100,70 +100,6 @@ function para_install_local() { return 0 } -# ******************************************************************************* -# Ubuntu dependent post-installation process -function post_install_local() { - ## Mount the target file system - # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT} - - # And mount other directories - echo "...Mounting all other dirs." - for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - - # Change root and create the keyfile and ramfs image for Linux kernel. - echo "...Chroot to ${TARGETMOUNTPOINT}." - # shellcheck disable=SC2086 - cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash - # Mount the rest of partitions by target /etc/fstab - mount -a - - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - apt -qq install -y cryptsetup-initramfs - - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile - - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook - echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf - - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - update-initramfs -uk all - - # Leave chroot - HEREDOC - - # Unmount all - echo "...Unmounting all." - umount -R ${TARGETMOUNTPOINT} - - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** - - ...Ready to reboot. - HEREDOC - - return 0 - -} # End of post_install_local() # ******************************************************************************* diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index 87cfcd4..5838747 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -5,14 +5,13 @@ source ./config.sh # Load common functions - source ./lib.sh + source ./lib/common.sh function main() { # This is the mount point of the install target. export TARGETMOUNTPOINT="/mnt/target" - # ******************************************************************************* # Confirmation before installation # ******************************************************************************* @@ -76,7 +75,8 @@ function main() { # ******************************************************************************* # Distribution dependent finalizing. Embedd encryption key into the ramfs image. - post_install_local + # The script is parameterized by env-variable to fit to the distribution + post_install # Normal end return 0 
@@ -128,71 +128,6 @@ function para_install_local() { return 0 } -# ******************************************************************************* -# Void Linux dependent post-installation process -function post_install_local() { - ## Mount the target file system - # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT} - - # And mount other directories - echo "...Mounting all other dirs." - for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - - # Change root and create the keyfile and ramfs image for Linux kernel. - echo "...Chroot to ${TARGETMOUNTPOINT}." - # shellcheck disable=SC2086 - cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash - # Mount the rest of partitions by target /etc/fstab - mount -a - - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - xbps-install -y lvm2 cryptsetup - - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile - - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf - - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - xbps-reconfigure -fa - echo "...grub-mkconfig." - grub-mkconfig -o /boot/grub/grub.cfg - - # Leave chroot - HEREDOC - - # Unmount all - echo "...Unmounting all." - umount -R ${TARGETMOUNTPOINT} - - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** - - ...Ready to reboot. - HEREDOC - - return 0 - -} # End of post_install_local() # *******************************************************************************