Preservation/kaiten-yaki
1
0
Fork 0
mirror of https://github.com/suikan4github/kaiten-yaki.git synced 2025-12-20 02:21:17 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'feature/11' into develop

Browse source
This commit is contained in:
Suikan 2021-07-07 13:04:55 +09:00
commit cb92595d31
7 changed files with 150 additions and 139 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -8,6 +8,7 @@ Record of the modification in project development.
- [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5)
- [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6)
- [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7)
- [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11)
### Deprecated ### Deprecated
### Removed ### Removed

7
INSTALL.md
View file

@ -32,8 +32,11 @@ xbps-install -Su xbps nano
``` ```
The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor. The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor.
Then, edit the config.txt. And then, go to the kaiten-yaki/script directory.
```bash
cd /the/downloaded/directory/kaiten-yaki/script
```
Now, ready to configure.
## Configuration parameters ## Configuration parameters
This is a very critical part of the installation. The configuration parameters are in the config.sh. Edit these parameters before the installation. This is a very critical part of the installation. The configuration parameters are in the config.sh. Edit these parameters before the installation.

44
script/lib/chrooted_job_ubuntu.sh Normal file
View file

@ -0,0 +1,44 @@
#!/bin/bash
# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
# shellcheck disable=SC1091
source config.sh
# Create a key file for LUKS and register it as contents of the initramfs image
function chrooted_job() {
# Mount the rest of partitions by target /etc/fstab
mount -a
# Set up the kernel hook of encryption
echo "...Installing cryptsetup-initramfs package."
apt -qq install -y cryptsetup-initramfs
# Prepare a key file to embed in to the ramfs.
echo "...Prepairing key file."
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
chmod u=rx,go-rwx /etc/luks
chmod u=r,go-rwx /etc/luks/boot_os.keyfile
# Add a key to the key file. Use the passphrase in the environment variable.
echo "...Adding a key to the key file."
printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
echo "...Adding LUKS volume info to /etc/crypttab."
echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
# Putting key file into the ramfs initial image
echo "...Registering key file to the ramfs"
echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
# Finally, update the ramfs initial image with the key file.
echo "...Upadting initramfs."
update-initramfs -uk all
# Leave chroot
}
# Execute job
chrooted_job

45
script/lib/chrooted_job_void.sh Normal file
View file

@ -0,0 +1,45 @@
#!/bin/bash
# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir
# shellcheck disable=SC1091
source config.sh
# Create a key file for LUKS and register it as contents of the initramfs image
function chrooted_job() {
# Mount the rest of partitions by target /etc/fstab
mount -a
# Set up the kernel hook of encryption
echo "...Installing cryptsetup-initramfs package."
xbps-install -y lvm2 cryptsetup
# Prepare a key file to embed in to the ramfs.
echo "...Prepairing key file."
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
chmod u=rx,go-rwx /etc/luks
chmod u=r,go-rwx /etc/luks/boot_os.keyfile
# Add a key to the key file. Use the passphrase in the environment variable.
echo "...Adding a key to the key file."
printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
echo "...Adding LUKS volume info to /etc/crypttab."
echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
# Putting key file into the ramfs initial image
echo "...Registering key file to the ramfs"
echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf
# Finally, update the ramfs initial image with the key file.
echo "...Upadting initramfs."
xbps-reconfigure -fa
echo "...grub-mkconfig."
grub-mkconfig -o /boot/grub/grub.cfg
# Leave chroot
}
# Execute job
chrooted_job

49
script/lib.sh → script/lib/common.sh
View file

@ -124,7 +124,7 @@ function confirmation(){
# ******************************************************************************* # *******************************************************************************
# Pre-install stage # Common Pre-install stage
# ******************************************************************************* # *******************************************************************************
function pre_install() { function pre_install() {
@ -283,6 +283,53 @@ function para_install_msg() {
return 0 return 0
} }
# *******************************************************************************
# Common post-install stage
# *******************************************************************************
# In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB
function post_install() {
## Mount the target file system
# ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}"
# And mount other directories
echo "...Mounting all other dirs."
for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
# Copy all scripts to the target /tmp
echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp."
mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"
cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"
# Change root and create the keyfile and ramfs image for Linux kernel.
# The here document is script executed under chroot. And here we call
# the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh".
echo "...Chroot to ${TARGETMOUNTPOINT}."
# shellcheck disable=SC2086
cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash
cd /tmp/kaiten-yaki
# Execute copied script
source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh"
HEREDOC
# Unmount all
echo "...Unmounting all."
umount -R "${TARGETMOUNTPOINT}"
# Finishing message
cat <<- HEREDOC
****************** Post-install process finished ******************
...Ready to reboot.
HEREDOC
return 0
} # End of post_install_local()
# ******************************************************************************* # *******************************************************************************
# Deactivate all LV in the VG and close LUKS volume # Deactivate all LV in the VG and close LUKS volume
# ******************************************************************************* # *******************************************************************************

70
script/ubuntu-kaiten-yaki.sh
View file

@ -5,14 +5,13 @@
source ./config.sh source ./config.sh
# Load common functions # Load common functions
source ./lib.sh source ./lib/common.sh
function main() { function main() {
# This is the mount point of the install target. # This is the mount point of the install target.
export TARGETMOUNTPOINT="/target" export TARGETMOUNTPOINT="/target"
# ******************************************************************************* # *******************************************************************************
# Confirmation before installation # Confirmation before installation
# ******************************************************************************* # *******************************************************************************
@ -55,7 +54,8 @@ function main() {
# ******************************************************************************* # *******************************************************************************
# Distribution dependent finalizing. Embedd encryption key into the ramfs image. # Distribution dependent finalizing. Embedd encryption key into the ramfs image.
post_install_local # The script is parameterized by env-variable to fit to the distribution
post_install
# Normal end # Normal end
return 0 return 0
@ -100,70 +100,6 @@ function para_install_local() {
return 0 return 0
} }
# *******************************************************************************
# Ubuntu dependent post-installation process
function post_install_local() {
## Mount the target file system
# ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT}
# And mount other directories
echo "...Mounting all other dirs."
for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
# Change root and create the keyfile and ramfs image for Linux kernel.
echo "...Chroot to ${TARGETMOUNTPOINT}."
# shellcheck disable=SC2086
cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash
# Mount the rest of partitions by target /etc/fstab
mount -a
# Set up the kernel hook of encryption
echo "...Installing cryptsetup-initramfs package."
apt -qq install -y cryptsetup-initramfs
# Prepare a key file to embed in to the ramfs.
echo "...Prepairing key file."
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
chmod u=rx,go-rwx /etc/luks
chmod u=r,go-rwx /etc/luks/boot_os.keyfile
# Add a key to the key file. Use the passphrase in the environment variable.
echo "...Adding a key to the key file."
printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
echo "...Adding LUKS volume info to /etc/crypttab."
echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
# Putting key file into the ramfs initial image
echo "...Registering key file to the ramfs"
echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
# Finally, update the ramfs initial image with the key file.
echo "...Upadting initramfs."
update-initramfs -uk all
# Leave chroot
HEREDOC
# Unmount all
echo "...Unmounting all."
umount -R ${TARGETMOUNTPOINT}
# Finishing message
cat <<- HEREDOC
****************** Post-install process finished ******************
...Ready to reboot.
HEREDOC
return 0
} # End of post_install_local()
# ******************************************************************************* # *******************************************************************************

71
script/void-kaiten-yaki.sh
View file

@ -5,14 +5,13 @@
source ./config.sh source ./config.sh
# Load common functions # Load common functions
source ./lib.sh source ./lib/common.sh
function main() { function main() {
# This is the mount point of the install target. # This is the mount point of the install target.
export TARGETMOUNTPOINT="/mnt/target" export TARGETMOUNTPOINT="/mnt/target"
# ******************************************************************************* # *******************************************************************************
# Confirmation before installation # Confirmation before installation
# ******************************************************************************* # *******************************************************************************
@ -76,7 +75,8 @@ function main() {
# ******************************************************************************* # *******************************************************************************
# Distribution dependent finalizing. Embedd encryption key into the ramfs image. # Distribution dependent finalizing. Embedd encryption key into the ramfs image.
post_install_local # The script is parameterized by env-variable to fit to the distribution
post_install
# Normal end # Normal end
return 0 return 0
@ -128,71 +128,6 @@ function para_install_local() {
return 0 return 0
} }
# *******************************************************************************
# Void Linux dependent post-installation process
function post_install_local() {
## Mount the target file system
# ${TARGETMOUNTPOINT} is created by the GUI/TUI installer
echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}."
mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT}
# And mount other directories
echo "...Mounting all other dirs."
for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done
# Change root and create the keyfile and ramfs image for Linux kernel.
echo "...Chroot to ${TARGETMOUNTPOINT}."
# shellcheck disable=SC2086
cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash
# Mount the rest of partitions by target /etc/fstab
mount -a
# Set up the kernel hook of encryption
echo "...Installing cryptsetup-initramfs package."
xbps-install -y lvm2 cryptsetup
# Prepare a key file to embed in to the ramfs.
echo "...Prepairing key file."
mkdir /etc/luks
dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none
chmod u=rx,go-rwx /etc/luks
chmod u=r,go-rwx /etc/luks/boot_os.keyfile
# Add a key to the key file. Use the passphrase in the environment variable.
echo "...Adding a key to the key file."
printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile
# Add the LUKS volume information to /etc/crypttab to decrypt by kernel.
echo "...Adding LUKS volume info to /etc/crypttab."
echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
# Putting key file into the ramfs initial image
echo "...Registering key file to the ramfs"
echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf
# Finally, update the ramfs initial image with the key file.
echo "...Upadting initramfs."
xbps-reconfigure -fa
echo "...grub-mkconfig."
grub-mkconfig -o /boot/grub/grub.cfg
# Leave chroot
HEREDOC
# Unmount all
echo "...Unmounting all."
umount -R ${TARGETMOUNTPOINT}
# Finishing message
cat <<- HEREDOC
****************** Post-install process finished ******************
...Ready to reboot.
HEREDOC
return 0
} # End of post_install_local()
# ******************************************************************************* # *******************************************************************************