mirror of
https://github.com/suikan4github/kaiten-yaki.git
synced 2025-12-20 02:21:17 -03:00
created ubuntu_en.md
parent
435527748b
commit
fe65f71182
1 changed files with 129 additions and 0 deletions
129
ubuntu_en.md
Normal file
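--- a/ubuntu_en.md
+++ b/ubuntu_en.md
@@ -0,0 +1,129 @@
+# Ubuntu 20.04LTS installation into the LVM on the LUKS volume.
+
+```bash
+# ------------------ Create the partitions ------------------
+# Promote to the root user
+sudo -i
+
+```
+```bash
+
+# Setup the passphrase of the crypt partition
+read -sr PASSPHRASE
+
+```
+```bash
+
+# ------------------ Parameter setting ------------------
+# export to share with entire script
+export PASSPHRASE
+
+# Device and partition setting. If you wan to MAKE /dev/sda2 as linux root partition,
+# set the DEV and ROOTPARTITION to /dev/sda and 2, respectively.
+# EFI partition is usualy fixed as partition 1.
+export DEV="/dev/sda"
+export EFIPARTITION=1
+export ROOTPARTITION=2
+
+# Usually, following names are left unchanged unless existing volumes uses them.
+export CRYPTPARTITION="luks_volume"
+export VGNAME="vg1"
+export LVSWAP="swap"
+export LVROOT="ubuntu"
+
+# ROOTSIZE is percentage to the free spage in the volume group.
+# 50% mean, new partition will use 50% of the free space in the LVM volume group.
+export SWAPSIZE="8G"
+export ROOTSIZE="50%FREE"
+
+
+# ------------------ Create the partitions ------------------
+
+# Optional : Create partitions for in the physical disk.
+# Assign 100MB and rest of disk to the EFI and LUKS partition, respectively.
+sgdisk --zap-all "${DEV}"
+sgdisk --new=${EFIPARTITION}:0:+100M --change-name=${EFIPARTITION}:"EFI System" --typecode=${EFIPARTITION}:ef00 "${DEV}"
+sgdisk --new=${ROOTPARTITION}:0:0 --change-name=${ROOTPARTITION}:"Linux LUKS" --typecode=${ROOTPARTITION}:8309 "${DEV}"
+sgdisk --print "${DEV}"
+
+# Format the EFI partition by FAT32.
+mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}"
+
+```
+```bash
+# ------------------ Encrypt the volume to install and test ------------------
+
+# Encrypt the partition to install the linux
+printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${ROOTPARTITION}"
+
+# Open the created crypt partition. To be sure, input the passphrase manually
+cryptsetup open "${DEV}${ROOTPARTITION}" ${CRYPTPARTITION}
+
+# Check whether successful open. If mapped, it is successful.
+ls -l /dev/mapper
+
+```
+```bash
+# ------------------ LVM configuration ------------------
+
+# Create the Physical Volume and Volume Group.
+pvcreate /dev/mapper/${CRYPTPARTITION}
+vgcreate ${VGNAME} /dev/mapper/${CRYPTPARTITION}
+
+# Optional : Create the SWAP Logical Volume on VG, if volume size is not 0.
+if [ $SIZE != "0" -a $SIZE != "0G" ] ; then lvcreate -L SWAPSIZE -n ${LVSWAP} ${VGNAME} ; fi
+
+# Create the ROOT Logical Volume on VG.
+lvcreate -l ROOTSIZE -n ${LVROOT} ${VGNAME}
+
+```
+```bash
+# ------------------ Run the ubiquity installer here ------------------
+
+# ------------------ Configuratte the target GRUB during the Ubiquity runs ------------------
+# Make target GRUB aware to the crypt partition
+echo "GRUB_ENABLE_CRYPTODISK=y" >> /target/etc/default/grub
+
+```
+```bash
+# ------------------ Wait the end of Ubiquity ------------------
+# ------------------ Mount the targets ------------------
+# Mount the volume and change root
+# /target is created by the Ubiquity installer
+mount /dev/mapper/${VGNAME}-${LVROOT} /target
+for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "/target/$n"; done
+chroot /target /bin/bash
+```
+```bash
+
+# ------------------ Add auto decryption to the target kernel -----------------
+# Mount the rest of partitions by target /etc/fstab
+mount -a
+
+# Set up the kernel hook of encryption
+apt install -y cryptsetup-initramfs
+echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook
+echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
+
+# Prepare the key file for auto decryption
+mkdir /etc/luks
+dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1
+chmod u=rx,go-rwx /etc/luks
+chmod u=r,go-rwx /etc/luks/boot_os.keyfile
+
+# Make the keyfile
+printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${ROOTPARTITION}" /etc/luks/boot_os.keyfile
+
+# Add the LUKS partition to /etc/crypttab to decrypt automatically
+echo "${CRYPTPARTITION} UUID=$(blkid -s UUID -o value ${DEV}${ROOTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab
+
+# Finally, update the ramfs initial image with the key file.
+update-initramfs -uk all
+
+
+```
+```bash
+# ------------------ Finishing installation -----------------
+exit
+reboot
+
+```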
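Review bot: The "LVM configuration" block cannot run as written: the swap test reads `$SIZE`, which is never set anywhere on the page (the parameter block exports `SWAPSIZE`), and both `lvcreate` calls pass the literal words `SWAPSIZE` and `ROOTSIZE` instead of expanding the variables. With `$SIZE` empty and unquoted the `[` test errors out, so swap creation is skipped, and `lvcreate -l ROOTSIZE` should be rejected as an invalid extent count, which would leave no root volume for the installer and for the later `mount /dev/mapper/${VGNAME}-${LVROOT} /target`. Suggested lines: `if [ "${SWAPSIZE}" != "0" ] && [ "${SWAPSIZE}" != "0G" ] ; then lvcreate -L "${SWAPSIZE}" -n "${LVSWAP}" "${VGNAME}" ; fi` and `lvcreate -l "${ROOTSIZE}" -n "${LVROOT}" "${VGNAME}"`. Separately, in the key-file block `dd` writes `/etc/luks/boot_os.keyfile` under whatever umask the chroot shell inherited and the two `chmod` calls only run afterwards; putting `umask 077` before `mkdir /etc/luks` would create the directory and the key with restrictive permissions from the start.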