From 3ce805c5cabfba3f09780d4f74ad721b41ba7cad Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 07:41:34 +0900 Subject: [PATCH 1/6] Make chroot'ed job independent script file Issue #11 --- script/lib/common.sh | 408 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 408 insertions(+) create mode 100644 script/lib/common.sh diff --git a/script/lib/common.sh b/script/lib/common.sh new file mode 100644 index 0000000..cff0f92 --- /dev/null +++ b/script/lib/common.sh 
@@ -0,0 +1,408 @@
+#!/bin/bash -u
+# *******************************************************************************
+# Confirmation and Passphrase setting
+# *******************************************************************************
+
+function confirmation(){
+
+ # Consistency check for the OVERWRITEINSTALL and ERASEALL
+ if [ "${ERASEALL}" -ne 0 ] && [ "${OVERWRITEINSTALL}" -ne 0 ] ; then
+ cat <<- HEREDOC
+ ***** ERROR : Confliction between ERASEALL and OVERWRITEINSTALL *****
+ ...ERASEALL = ${ERASEALL}
+ ...OVERWRITEINSTALL = ${OVERWRITEINSTALL}
+ ...Check configuration in your config.sh
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi
+
+ # Sanity check for volume group name
+ if echo "${VGNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume group name.
+ cat <<- HEREDOC
+ ***** ERROR : VGNAME is "${VGNAME}" *****
+ ..."-" is not allowed in the volume name.
+ ...Check configuration in your config.sh
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # "-" is found in the volume group name.
+
+ # Sanity check for root volume name
+ if echo "${LVROOTNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name.
+ cat <<- HEREDOC
+ ***** ERROR : LVROOTNAME is "${LVROOTNAME}" *****
+ ..."-" is not allowed in the volume name.
+ ...Check configuration in your config.sh
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # "-" is found in the volume name.
+
+ # Sanity check for swap volume name
+ if echo "${LVSWAPNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name.
+ cat <<- HEREDOC
+ ***** ERROR : LVSWAPNAME is "${LVSWAPNAME}" *****
+ ..."-" is not allowed in the volume name.
+ ...Check configuration in your config.sh
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # "-" is found in the volume name.
+
+ # For surre ask the your config.sh is edited
+ cat <<- HEREDOC
+
+ The destination logical volume label is "${LVROOTNAME}"
+ "${LVROOTNAME}" uses ${LVROOTSIZE} of the LVM volume group.
+ Are you sure to install? [Y/N]
+ HEREDOC
+ read -r YESNO
+ if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then
+ cat <<- HEREDOC
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # if YES
+
+ # For sure ask to erase.
+ if [ "${ERASEALL}" -ne 0 ] ; then
+ echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]"
+ read -r YESNO
+ if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then
+ cat <<-HEREDOC
+ ...Check your config.sh. The variable ERASEALL is ${ERASEALL}.
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # if YES
+ fi # if erase all
+
+ # For sure ask to overwrite.
+ if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then
+ echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]"
+ read -r YESNO
+ if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then
+ cat <<-HEREDOC
+ ...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}.
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # if YES
+ fi # if overwrite
+
+ # ----- Set Passphrase -----
+ # Input passphrase
+ echo ""
+ echo "Type passphrase for the disk encryption."
+ read -sr PASSPHRASE
+ export PASSPHRASE
+
+ echo "Type passphrase again, to confirm."
+ read -sr PASSPHRASE_C
+
+ # Validate whether both are indentical or not
+ if [ "${PASSPHRASE}" != "${PASSPHRASE_C}" ] ; then
+ cat <<-HEREDOC
+ ***** ERROR : Passphrase doesn't match *****
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # passphrase validation
+
+ # succesfull return
+ return 0
+}
+
+
+# *******************************************************************************
+# Common Pre-install stage
+# *******************************************************************************
+
+function pre_install() {
+
+
+ # ----- Erase entire disk, create partitions, format them and encrypt the LUKS partition -----
+ if [ "${ERASEALL}" -ne 0 ] ; then
+
+ # Assign specified space and rest of disk to the EFI and LUKS partition, respectively.
+ if [ "${ISEFI}" -ne 0 ] ; then # EFI
+ # Zap existing partition table and create new GPT
+ echo "...Initializing \"${DEV}\" with GPT."
+ sgdisk --zap-all "${DEV}"
+ if is_error ; then return 1 ; fi; # If error, terminate
+ # Create EFI partition and format it
+ echo "...Creating an EFI partition on \"${DEV}\"."
+ # shellcheck disable=SC2140
+ sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System" --typecode="${EFIPARTITION}":ef00 "${DEV}"
+ if is_error ; then return 1 ; fi; # If error, terminate
+ echo "...Formatting the EFI parttion."
+ mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}"
+ if is_error ; then return 1 ; fi; # If error, terminate
+ # Create Linux partition
+ echo "...Creating a Linux partition on ${DEV}."
+ # shellcheck disable=SC2140
+ sgdisk --new="${CRYPTPARTITION}":0:0 --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}"
+ if is_error ; then return 1 ; fi; # If error, terminate
+ # Then print them
+ sgdisk --print "${DEV}"
+ else # BIOS
+ # Zap existing partition table
+ echo "...Erasing partition table of \"${DEV}\"."
+ dd if=/dev/zero of="${DEV}" bs=512 count=1
+ if is_error ; then return 1 ; fi; # If error, terminate
+ # Create MBR and allocate max storage for Linux partition
+ echo "...Creating a Linux partition on ${DEV} with MBR."
+ sfdisk "${DEV}" <<- HEREDOC
+ 2M,,L
+ HEREDOC
+ if is_error ; then return 1 ; fi; # If error, terminate
+ fi # if EFI firmware
+
+ # Encrypt the partition to install Linux
+ echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition"
+ printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}"
+
+ fi # if erase all
+
+ # ----- Open the LUKS partition -----
+ # Open the crypt partition.
+ echo "...Opening a crypt partition \"${DEV}${CRYPTPARTITION}\" as \"${CRYPTPARTNAME}\""
+ printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" "${CRYPTPARTNAME}"
+
+ # Check whether successful open. If mapped, it is successful.
+ if [ ! -e /dev/mapper/"${CRYPTPARTNAME}" ] ; then
+ cat <<- HEREDOC
+ ***** ERROR : Cannot open LUKS volume "${CRYPTPARTNAME}" on "${DEV}${CRYPTPARTITION}". *****
+ ...Check passphrase and your config.txt
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # if crypt volume is unable to open
+
+ # ----- Configure the LVM in LUKS volume -----
+ # Check volume group ${VGNAME} exist or not
+ if vgdisplay -s "${VGNAME}" &> /dev/null ; then # if exist
+ echo "...Volume group \"${VGNAME}\" already exist. Skipped to create. No problem."
+ echo "...Activating all logical volumes in volume group \"${VGNAME}\"."
+ vgchange -ay
+ echo "...Scanning all logical volumes."
+ lvscan
+ else
+ echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\""
+ pvcreate /dev/mapper/"${CRYPTPARTNAME}"
+ if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
+ echo "...And then creating Volume group \"${VGNAME}\"."
+ vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}"
+ if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
+ fi # if /dev/volume-groupt exist
+
+ # Create a SWAP Logical Volume on VG, if it doesn't exist
+ if [ -e /dev/mapper/"${VGNAME}"-"${LVSWAPNAME}" ] ; then
+ echo "...Swap volume already exist. Skipped to create. No problem."
+ else
+ echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"."
+ lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}"
+ if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
+ fi # if /dev/mapper/swap volume already exit.
+
+ # Create a ROOT Logical Volume on VG.
+ if [ -e /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ] ; then # exist
+ if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # exist and overwrite install
+ echo "...Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK."
+ else # exist and not overwriteinstall
+ cat <<- HEREDOC
+ ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. *****
+ ...Check LVROOTNAME environment variable in your config.txt.
+ HEREDOC
+ # Deactivate all lg and close the LUKS volume
+ deactivate_and_close
+ return 1 # with error status
+ fi
+ else # not exsit
+ if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then
+ cat <<- HEREDOC
+ ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" doesn't exist while overwrite install. *****
+ ...Check consistency of your config.txt.
+ HEREDOC
+ # Deactivate all lg and close the LUKS volume
+ deactivate_and_close
+ return 1 # with error status
+ else # not exist and not overwrite install
+ echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"."
+ lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}"
+ if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;
+ fi
+ fi
+
+
+ # successful return
+ return 0
+}
+
+
+# *******************************************************************************
+# Common message in para-install stage
+# *******************************************************************************
+
+function para_install_msg() {
+
+ cat <<- HEREDOC
+ ******************************************************************************
+ The pre-install process is done. We are ready to install the Linux to the
+ target storage device. By pressing return key, GUI/TUI installer starts.
+
+ Please pay attention to the partition/logical volume mapping configuration.
+ In this installation, you have to map the previously created partitions/logical
+ volumes to the appropriate directories of the target system as followings :
+
+ HEREDOC
+
+ # In the EFI system, add this mapping
+ if [ "${ISEFI}" -ne 0 ] ; then
+ echo "/boot/efi : ${DEV}${EFIPARTITION}"
+ fi
+
+ # Root volume mapping
+ echo "/ : /dev/mapper/${VGNAME}-${LVROOTNAME}"
+
+ # In case of erased storage, add this mapping
+ if [ "${ERASEALL}" -ne 0 ] ; then
+ echo "swap : /dev/mapper/${VGNAME}-${LVSWAPNAME}"
+ fi
+
+ return 0
+}
+
+
+# *******************************************************************************
+# Common post-install stage
+# *******************************************************************************
+# In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB
+function post_install_local() {
+ ## Mount the target file system
+ # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
+ echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
+ mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}"
+
+ # And mount other directories
+ echo "...Mounting all other dirs."
+ for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
+
+ # Copy all scripts to the target /tmp
+ echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp."
+ mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"
+ cp -R ./*.sh "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"
+
+ # Change root and create the keyfile and ramfs image for Linux kernel.
+ # The here document is script executed under chroot. And here we call
+ # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh".
+ echo "...Chroot to ${TARGETMOUNTPOINT}."
+ # shellcheck disable=SC2086
+ cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash
+ cd /tmp/kaiten-yaki
+ # Execute copied script
+ source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh"
+ HEREDOC
+
+ # Unmount all
+ echo "...Unmounting all."
+ umount -R "${TARGETMOUNTPOINT}"
+
+ # Finishing message
+ cat <<- HEREDOC
+ ****************** Post-install process finished ******************
+
+ ...Ready to reboot.
+ HEREDOC
+
+ return 0
+
+} # End of post_install_local()
+
+
+# *******************************************************************************
+# Deactivate all LV in the VG and close LUKS volume
+# *******************************************************************************
+
+function deactivate_and_close(){
+ echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"."
+ vgchange -a n "${VGNAME}"
+ echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"."
+ cryptsetup close "${CRYPTPARTNAME}"
+ cat <<- HEREDOC
+
+ ...Installation process terminated..
+ HEREDOC
+
+}
+
+# *******************************************************************************
+# Delete the nwe volume if overwrite install, and close all
+# *******************************************************************************
+function on_unexpected_installer_quit(){
+ echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****"
+ if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume
+ echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched."
+ else # if not overwrite istall, delete the new volume
+ echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"."
+ lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}"
+ fi
+ # Deactivate all lg and close the LUKS volume
+ deactivate_and_close
+ echo "...You can retry Kaiten-yaki again."
+}
+
+
+# *******************************************************************************
+# Check whether given signaure is in the system information
+# *******************************************************************************
+function distribution_check(){
+ if ! uname -a | grep "${DISTRIBUTIONSIGNATURE}" -i > /dev/null ; then # Signature is not found in the OS name.
+ echo "*******************************************************************************"
+ uname -a
+ cat <<- HEREDOC
+ *******************************************************************************
+ This system seems to be not $DISTRIBUTIONNAME, while this script is dediated to the $DISTRIBUTIONNAME.
+ Are you sure you want to run this script? [Y/N]
+ HEREDOC
+ read -r YESNO
+ if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then
+ cat <<- HEREDOC
+
+ ...Installation process terminated..
+ HEREDOC
+ return 1 # with error status
+ fi # if YES
+
+ fi # Distribution check
+
+ # no error
+ return 0
+}
+
+
+# *******************************************************************************
+# Error report and return revsers status.
+# *******************************************************************************
+function is_error() {
+ if [ $? -eq 0 ] ; then # Is previous job OK?
+ return 1 # If OK, return error ( because it was not error )
+ else
+ cat <<- HEREDOC
+ **** ERROR ! ****
+
+ Installation process terminated.
+ HEREDOC
+ return 0 # If error, return OK ( because it was error )
+ fi;
+}
\ No newline at end of file
From 7b91fbd9f4bf38bf2dadc54bd23ad8b4e922bb9c Mon Sep 17 00:00:00 2001
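Review bot: In `post_install_local` of script/lib/common.sh, `cp -R ./*.sh "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"` stages only the top-level `*.sh` files, so `lib/` is not copied and the `source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh"` run inside the chroot has no file to load; copying the directory as well, `cp -R ./*.sh ./lib "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"`, would fix that. The staging directory is a fixed name under a `/tmp` that the loop just above rbind-mounts from the running system, and the `mkdir` result is not checked, so a directory that already exists is reused as-is for scripts that are then sourced as root; `mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" || return 1` (or a `mktemp -d` directory) closes that, and the directory should be removed again before `umount -R`. In `confirmation`, `export PASSPHRASE` puts the disk passphrase into the environment of every later child process, including the GUI/TUI installer, and nothing in this file clears it; exporting it only around the `chroot` call and running `unset PASSPHRASE PASSPHRASE_C` afterwards would limit the exposure. The comment above `post_install_local` names `TARGETCHROOTEDJOB`, while the code selects the job through `DISTRIBUTIONSIGNATURE`.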
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 07:41:56 +0900 Subject: [PATCH 2/6] Additional changes --- script/lib.sh | 361 ------------------------------ script/lib/chrooted_job_ubuntu.sh | 44 ++++ script/lib/chrooted_job_void.sh | 45 ++++ script/ubuntu-kaiten-yaki.sh | 72 +----- script/void-kaiten-yaki.sh | 71 +----- 5 files changed, 96 insertions(+), 497 deletions(-) delete mode 100644 script/lib.sh create mode 100644 script/lib/chrooted_job_ubuntu.sh create mode 100644 script/lib/chrooted_job_void.sh diff --git a/script/lib.sh b/script/lib.sh deleted file mode 100644 index 82b0ffc..0000000 --- a/script/lib.sh +++ /dev/null 
@@ -1,361 +0,0 @@ -#!/bin/bash -u -# ******************************************************************************* -# Confirmation and Passphrase setting -# ******************************************************************************* - -function confirmation(){ - - # Consistency check for the OVERWRITEINSTALL and ERASEALL - if [ "${ERASEALL}" -ne 0 ] && [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - cat <<- HEREDOC - ***** ERROR : Confliction between ERASEALL and OVERWRITEINSTALL ***** - ...ERASEALL = ${ERASEALL} - ...OVERWRITEINSTALL = ${OVERWRITEINSTALL} - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi - - # Sanity check for volume group name - if echo "${VGNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume group name. - cat <<- HEREDOC - ***** ERROR : VGNAME is "${VGNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # "-" is found in the volume group name. - - # Sanity check for root volume name - if echo "${LVROOTNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. - cat <<- HEREDOC - ***** ERROR : LVROOTNAME is "${LVROOTNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # "-" is found in the volume name. - - # Sanity check for swap volume name - if echo "${LVSWAPNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. - cat <<- HEREDOC - ***** ERROR : LVSWAPNAME is "${LVSWAPNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # "-" is found in the volume name. 
- - # For surre ask the your config.sh is edited - cat <<- HEREDOC - - The destination logical volume label is "${LVROOTNAME}" - "${LVROOTNAME}" uses ${LVROOTSIZE} of the LVM volume group. - Are you sure to install? [Y/N] - HEREDOC - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - - # For sure ask to erase. - if [ "${ERASEALL}" -ne 0 ] ; then - echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]" - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<-HEREDOC - ...Check your config.sh. The variable ERASEALL is ${ERASEALL}. - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - fi # if erase all - - # For sure ask to overwrite. - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]" - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<-HEREDOC - ...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}. - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - fi # if overwrite - - # ----- Set Passphrase ----- - # Input passphrase - echo "" - echo "Type passphrase for the disk encryption." - read -sr PASSPHRASE - export PASSPHRASE - - echo "Type passphrase again, to confirm." - read -sr PASSPHRASE_C - - # Validate whether both are indentical or not - if [ "${PASSPHRASE}" != "${PASSPHRASE_C}" ] ; then - cat <<-HEREDOC - ***** ERROR : Passphrase doesn't match ***** - - ...Installation process terminated.. 
- HEREDOC - return 1 # with error status - fi # passphrase validation - - # succesfull return - return 0 -} - - -# ******************************************************************************* -# Pre-install stage -# ******************************************************************************* - -function pre_install() { - - - # ----- Erase entire disk, create partitions, format them and encrypt the LUKS partition ----- - if [ "${ERASEALL}" -ne 0 ] ; then - - # Assign specified space and rest of disk to the EFI and LUKS partition, respectively. - if [ "${ISEFI}" -ne 0 ] ; then # EFI - # Zap existing partition table and create new GPT - echo "...Initializing \"${DEV}\" with GPT." - sgdisk --zap-all "${DEV}" - if is_error ; then return 1 ; fi; # If error, terminate - # Create EFI partition and format it - echo "...Creating an EFI partition on \"${DEV}\"." - # shellcheck disable=SC2140 - sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System" --typecode="${EFIPARTITION}":ef00 "${DEV}" - if is_error ; then return 1 ; fi; # If error, terminate - echo "...Formatting the EFI parttion." - mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}" - if is_error ; then return 1 ; fi; # If error, terminate - # Create Linux partition - echo "...Creating a Linux partition on ${DEV}." - # shellcheck disable=SC2140 - sgdisk --new="${CRYPTPARTITION}":0:0 --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}" - if is_error ; then return 1 ; fi; # If error, terminate - # Then print them - sgdisk --print "${DEV}" - else # BIOS - # Zap existing partition table - echo "...Erasing partition table of \"${DEV}\"." - dd if=/dev/zero of="${DEV}" bs=512 count=1 - if is_error ; then return 1 ; fi; # If error, terminate - # Create MBR and allocate max storage for Linux partition - echo "...Creating a Linux partition on ${DEV} with MBR." 
- sfdisk "${DEV}" <<- HEREDOC - 2M,,L - HEREDOC - if is_error ; then return 1 ; fi; # If error, terminate - fi # if EFI firmware - - # Encrypt the partition to install Linux - echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition" - printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" - - fi # if erase all - - # ----- Open the LUKS partition ----- - # Open the crypt partition. - echo "...Opening a crypt partition \"${DEV}${CRYPTPARTITION}\" as \"${CRYPTPARTNAME}\"" - printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" "${CRYPTPARTNAME}" - - # Check whether successful open. If mapped, it is successful. - if [ ! -e /dev/mapper/"${CRYPTPARTNAME}" ] ; then - cat <<- HEREDOC - ***** ERROR : Cannot open LUKS volume "${CRYPTPARTNAME}" on "${DEV}${CRYPTPARTITION}". ***** - ...Check passphrase and your config.txt - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if crypt volume is unable to open - - # ----- Configure the LVM in LUKS volume ----- - # Check volume group ${VGNAME} exist or not - if vgdisplay -s "${VGNAME}" &> /dev/null ; then # if exist - echo "...Volume group \"${VGNAME}\" already exist. Skipped to create. No problem." - echo "...Activating all logical volumes in volume group \"${VGNAME}\"." - vgchange -ay - echo "...Scanning all logical volumes." - lvscan - else - echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\"" - pvcreate /dev/mapper/"${CRYPTPARTNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - echo "...And then creating Volume group \"${VGNAME}\"." - vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - fi # if /dev/volume-groupt exist - - # Create a SWAP Logical Volume on VG, if it doesn't exist - if [ -e /dev/mapper/"${VGNAME}"-"${LVSWAPNAME}" ] ; then - echo "...Swap volume already exist. Skipped to create. No problem." 
- else - echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." - lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - fi # if /dev/mapper/swap volume already exit. - - # Create a ROOT Logical Volume on VG. - if [ -e /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ] ; then # exist - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # exist and overwrite install - echo "...Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK." - else # exist and not overwriteinstall - cat <<- HEREDOC - ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. ***** - ...Check LVROOTNAME environment variable in your config.txt. - HEREDOC - # Deactivate all lg and close the LUKS volume - deactivate_and_close - return 1 # with error status - fi - else # not exsit - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - cat <<- HEREDOC - ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" doesn't exist while overwrite install. ***** - ...Check consistency of your config.txt. - HEREDOC - # Deactivate all lg and close the LUKS volume - deactivate_and_close - return 1 # with error status - else # not exist and not overwrite install - echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." - lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - fi - fi - - - # successful return - return 0 -} - - -# ******************************************************************************* -# Common message in para-install stage -# ******************************************************************************* - -function para_install_msg() { - - cat <<- HEREDOC - ****************************************************************************** - The pre-install process is done. We are ready to install the Linux to the - target storage device. By pressing return key, GUI/TUI installer starts. 
- - Please pay attention to the partition/logical volume mapping configuration. - In this installation, you have to map the previously created partitions/logical - volumes to the appropriate directories of the target system as followings : - - HEREDOC - - # In the EFI system, add this mapping - if [ "${ISEFI}" -ne 0 ] ; then - echo "/boot/efi : ${DEV}${EFIPARTITION}" - fi - - # Root volume mapping - echo "/ : /dev/mapper/${VGNAME}-${LVROOTNAME}" - - # In case of erased storage, add this mapping - if [ "${ERASEALL}" -ne 0 ] ; then - echo "swap : /dev/mapper/${VGNAME}-${LVSWAPNAME}" - fi - - return 0 -} - -# ******************************************************************************* -# Deactivate all LV in the VG and close LUKS volume -# ******************************************************************************* - -function deactivate_and_close(){ - echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." - vgchange -a n "${VGNAME}" - echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." - cryptsetup close "${CRYPTPARTNAME}" - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - -} - -# ******************************************************************************* -# Delete the nwe volume if overwrite install, and close all -# ******************************************************************************* -function on_unexpected_installer_quit(){ - echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume - echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." - else # if not overwrite istall, delete the new volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - fi - # Deactivate all lg and close the LUKS volume - deactivate_and_close - echo "...You can retry Kaiten-yaki again." 
-} - - -# ******************************************************************************* -# Check whether given signaure is in the system information -# ******************************************************************************* -function distribution_check(){ - if ! uname -a | grep "${DISTRIBUTIONSIGNATURE}" -i > /dev/null ; then # Signature is not found in the OS name. - echo "*******************************************************************************" - uname -a - cat <<- HEREDOC - ******************************************************************************* - This system seems to be not $DISTRIBUTIONNAME, while this script is dediated to the $DISTRIBUTIONNAME. - Are you sure you want to run this script? [Y/N] - HEREDOC - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - - fi # Distribution check - - # no error - return 0 -} - - -# ******************************************************************************* -# Error report and return revsers status. -# ******************************************************************************* -function is_error() { - if [ $? -eq 0 ] ; then # Is previous job OK? - return 1 # If OK, return error ( because it was not error ) - else - cat <<- HEREDOC - **** ERROR ! **** - - Installation process terminated. - HEREDOC - return 0 # If error, return OK ( because it was error ) - fi; -} \ No newline at end of file diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh new file mode 100644 index 0000000..ed16912 --- /dev/null +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
+# shellcheck disable=SC1091
+source config.sh
+
+# Create a key file for LUKS and register it as contents of the initramfs image
+function chrooted_job() {
+ # Mount the rest of partitions by target /etc/fstab
+ mount -a
+
+ # Set up the kernel hook of encryption
+ echo "...Installing cryptsetup-initramfs package."
+ apt -qq install -y cryptsetup-initramfs
+
+ # Prepare a key file to embed in to the ramfs.
+ echo "...Prepairing key file."
+ mkdir /etc/luks
+ dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
+ chmod u=rx,go-rwx /etc/luks
+ chmod u=r,go-rwx /etc/luks/boot_os.keyfile
+
+ # Add a key to the key file. Use the passphrase in the environment variable.
+ echo "...Adding a key to the key file."
+ printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
+
+ # Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
+ echo "...Adding LUKS volume info to /etc/crypttab."
+ echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
+
+ # Putting key file into the ramfs initial image
+ echo "...Registering key file to the ramfs"
+ echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
+ echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
+
+ # Finally, update the ramfs initial image with the key file.
+ echo "...Upadting initramfs."
+ update-initramfs -uk all
+
+ # Leave chroot
+}
+
+# Execute job
+chrooted_job
diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh
new file mode 100644
index 0000000..ee58369
--- /dev/null
+++ b/script/lib/chrooted_job_void.sh
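Review bot: In `chrooted_job` of script/lib/chrooted_job_ubuntu.sh, the key file is created by `dd` under the default umask and only restricted by the `chmod` calls afterwards, and none of the steps is checked, so a failed `luksAddKey` still leads to a crypttab entry and an initramfs that refer to a key which unlocks nothing. Setting `umask 077` at the top of the function and guarding the critical steps (`cryptsetup luksAddKey ... || return 1`) would cover both. The `>>` appends to `/etc/crypttab`, `conf-hook` and `initramfs.conf` add a duplicate line each time the job runs against the same root volume, which the overwrite-install path presumably allows; a `grep -q` guard before each append avoids that. `${DEV}${CRYPTPARTITION}` inside the `blkid` substitution is unquoted, and the `discard` option in the crypttab line passes TRIM through the LUKS layer, which reveals which blocks are unused, so that trade-off deserves a comment. The same function body appears in script/lib/chrooted_job_void.sh and the same points apply there.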
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
+# shellcheck disable=SC1091
+source config.sh
+
+# Create a key file for LUKS and register it as contents of the initramfs image
+function chrooted_job() {
+ # Mount the rest of partitions by target /etc/fstab
+ mount -a
+
+ # Set up the kernel hook of encryption
+ echo "...Installing cryptsetup-initramfs package."
+ xbps-install -y lvm2 cryptsetup
+
+ # Prepare a key file to embed in to the ramfs.
+ echo "...Prepairing key file."
+ mkdir /etc/luks
+ dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
+ chmod u=rx,go-rwx /etc/luks
+ chmod u=r,go-rwx /etc/luks/boot_os.keyfile
+
+ # Add a key to the key file. Use the passphrase in the environment variable.
+ echo "...Adding a key to the key file."
+ printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
+
+ # Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
+ echo "...Adding LUKS volume info to /etc/crypttab."
+ echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
+
+ # Putting key file into the ramfs initial image
+ echo "...Registering key file to the ramfs"
+ echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf
+
+ # Finally, update the ramfs initial image with the key file.
+ echo "...Upadting initramfs."
+ xbps-reconfigure -fa
+ echo "...grub-mkconfig."
+ grub-mkconfig -o /boot/grub/grub.cfg
+
+ # Leave chroot
+}
+
+# Execute job
+chrooted_job
diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh
index a18aa8f..96ace9b 100644
--- a/script/ubuntu-kaiten-yaki.sh
+++ b/script/ubuntu-kaiten-yaki.sh
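Review bot: The message `...Installing cryptsetup-initramfs package.` in script/lib/chrooted_job_void.sh is carried over from the Ubuntu job, but the command under it is `xbps-install -y lvm2 cryptsetup`; the log should name what is installed, e.g. `echo "...Installing lvm2 and cryptsetup packages."`. The header comment saying the file has to be executed at the Kaiten-yaki/script dir also does not describe how it is run in this series, where `post_install_local` sources it from the staged copy under `/tmp/kaiten-yaki` inside the chroot; the comment should say that `config.sh` is expected in the current directory of that staged copy.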
@@ -5,14 +5,13 @@ source ./config.sh # Load common functions - source ./lib.sh + source ./lib/common.sh function main() { # This is the mount point of the install target. export TARGETMOUNTPOINT="/target" - # ******************************************************************************* # Confirmation before installation # ******************************************************************************* @@ -54,8 +53,9 @@ function main() { # Post-install stage # ******************************************************************************* - # Distribution dependent finalizing. Embedd encryption key into the ramfs image. - post_install_local + # Distribution dependent finalizing. Embedd encryption key into the ramfs image. + # The script is parameterized by env-variable to fit to the distribution + post_install # Normal end return 0 
@@ -100,70 +100,6 @@ function para_install_local() { return 0 } -# ******************************************************************************* -# Ubuntu dependent post-installation process -function post_install_local() { - ## Mount the target file system - # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT} - - # And mount other directories - echo "...Mounting all other dirs." - for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - - # Change root and create the keyfile and ramfs image for Linux kernel. - echo "...Chroot to ${TARGETMOUNTPOINT}." - # shellcheck disable=SC2086 - cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash - # Mount the rest of partitions by target /etc/fstab - mount -a - - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - apt -qq install -y cryptsetup-initramfs - - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile - - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook - echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf - - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - update-initramfs -uk all - - # Leave chroot - HEREDOC - - # Unmount all - echo "...Unmounting all." - umount -R ${TARGETMOUNTPOINT} - - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** - - ...Ready to reboot. - HEREDOC - - return 0 - -} # End of post_install_local() # ******************************************************************************* diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index 87cfcd4..5838747 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -5,14 +5,13 @@ source ./config.sh # Load common functions - source ./lib.sh + source ./lib/common.sh function main() { # This is the mount point of the install target. export TARGETMOUNTPOINT="/mnt/target" - # ******************************************************************************* # Confirmation before installation # ******************************************************************************* @@ -76,7 +75,8 @@ function main() { # ******************************************************************************* # Distribution dependent finalizing. Embedd encryption key into the ramfs image. - post_install_local + # The script is parameterized by env-variable to fit to the distribution + post_install # Normal end return 0 
@@ -128,71 +128,6 @@ function para_install_local() { return 0 } -# ******************************************************************************* -# Void Linux dependent post-installation process -function post_install_local() { - ## Mount the target file system - # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT} - - # And mount other directories - echo "...Mounting all other dirs." - for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - - # Change root and create the keyfile and ramfs image for Linux kernel. - echo "...Chroot to ${TARGETMOUNTPOINT}." - # shellcheck disable=SC2086 - cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash - # Mount the rest of partitions by target /etc/fstab - mount -a - - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - xbps-install -y lvm2 cryptsetup - - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile - - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf - - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - xbps-reconfigure -fa - echo "...grub-mkconfig." - grub-mkconfig -o /boot/grub/grub.cfg - - # Leave chroot - HEREDOC - - # Unmount all - echo "...Unmounting all." - umount -R ${TARGETMOUNTPOINT} - - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** - - ...Ready to reboot. - HEREDOC - - return 0 - -} # End of post_install_local() # ******************************************************************************* From d0200d88d80d4f1a2fc093265dc0bfad6c6387af Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:06:15 +0900 Subject: [PATCH 3/6] Fix the name of funciton --- script/lib/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index cff0f92..00ca95e 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -288,7 +288,7 @@ function para_install_msg() { # Common post-install stage # ******************************************************************************* # In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB -function post_install_local() { +function post_install() { ## Mount the target file system # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." From fd8e8f0af191f2cc21839fcdcedaf78c57fca001 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:22:16 +0900 Subject: [PATCH 4/6] Fix the mistake of the copy pattern Now, even directiries are copied --- script/lib/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 00ca95e..11c3fbd 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -301,7 +301,7 @@ function post_install() { # Copy all scripts to the target /tmp echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" - cp -R ./*.sh "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" + cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" # Change root and create the keyfile and ramfs image for Linux kernel. # The here document is script executed under chroot. And here we call From 5930627ee7d546c6cc181295763e934305cc65f5 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 21:22:43 +0900 Subject: [PATCH 5/6] Add explanation moving to script directory --- INSTALL.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 5954a89..bdc6685 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -32,8 +32,11 @@ xbps-install -Su xbps nano ``` The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor. -Then, edit the config.txt. - +And then, go to the kaiten-yaki/script directory. +```bash +cd /the/downloaded/directory/kaiten-yaki/script +``` +Now, ready to configure. ## Configuration parameters This is a very critical part of the installation. The configuration parameters are in the config.sh. Edit these parameters before the installation. From 6a1df4f25b7f178ab8a04af0a079e959470380f3 Mon Sep 17 00:00:00 2001 
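Review bot: `cp -r ./*` now stages whatever the current directory holds, so the copy is only correct when the installer is started from the script directory; started from anywhere else it copies unrelated files into the target and the chrooted job is not found. A guard before the copy, such as `[ -f ./config.sh ] || return 1`, would make that assumption explicit. The `mkdir` on the line above has no `-p` and its status is not checked, so a second run continues into an already populated directory. post_install continues outside this hunk, so whether the staged directory is removed again before unmounting cannot be seen here; if it is not, config.sh and the scripts stay behind in the target's /tmp.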
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 13:04:39 +0900 Subject: [PATCH 6/6] Update change log. Make chroot'ed job independent script file #11 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec8b588..221ac3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Record of the modification in project development. - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) +- [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11) ### Deprecated ### Removed