From 1ca9e3465fad33971a1896e5610248a42862133d Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 15:08:59 +0900 Subject: [PATCH 01/97] Overwrite install is implemented Issue #5 OVERWRITEINSTALL confirmation is missing --- script/lib.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/script/lib.sh b/script/lib.sh index 7c874a6..18a412a 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -70,7 +70,7 @@ function confirmation(){ return 1 # with error status fi # if YES - # For sure ask to be sure to erase. + # For sure ask to erase. if [ "${ERASEALL}" -ne 0 ] ; then echo "Are you sure you want to erase entire ${DEV}? [Y/N]" read -r YESNO @@ -78,6 +78,19 @@ function confirmation(){ cat <<-HEREDOC ...Check your config.sh. The variable ERASEALL is ${ERASEALL}. + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # if YES + + # For sure ask to overwrite. + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then + echo "Are you sure you want to overwrite ${LVROOTNAME} in ${VGNAME}? [Y/N]" + read -r YESNO + if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then + cat <<-HEREDOC + ...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}. + ...Installation process terminated.. HEREDOC return 1 # with error status From c504de3d9b68efe663a746debee08bb00044275e Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 15:15:06 +0900 Subject: [PATCH 02/97] Fix unbalance if - fi --- script/lib.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/script/lib.sh b/script/lib.sh index 18a412a..06ca086 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -82,6 +82,7 @@ function confirmation(){ HEREDOC return 1 # with error status fi # if YES + fi # if erase all # For sure ask to overwrite. if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then 
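Review bot: The new overwrite prompt is guarded by `[ "${OVERWRITEINSTALL}" -ne 0 ]`, and `test -ne` with a non-numeric value (a config.sh that sets `OVERWRITEINSTALL=yes`, say) prints `integer expression expected`, exits 2 and is treated as false, so the confirmation is skipped silently instead of stopping on a bad configuration. A shape check ahead of the prompts, e.g. `case "${OVERWRITEINSTALL}" in ''|*[!0-9]*) echo "***** ERROR : OVERWRITEINSTALL must be an integer *****" ; return 1 ;; esac` (and the same for `ERASEALL`), turns this into a visible error. The same `-ne 0` test is used on the ERASEALL prompt in this hunk and reused in the on_unexpected_installer_quit hunk of patch 07 later in this series, where a false result falls through to the `lvremove -f` branch. The enclosing confirmation() starts and ends outside the hunk.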
@@ -95,7 +96,7 @@ function confirmation(){ HEREDOC return 1 # with error status fi # if YES - fi # if erase all + fi # if overwrite # ----- Set Passphrase ----- # Input passphrase From 91db393dd2bd0d75e7038ad2700b67e6cb54a8d5 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 15:18:14 +0900 Subject: [PATCH 03/97] Add double quote for ease-of-read --- script/lib.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/script/lib.sh b/script/lib.sh index 06ca086..d68bf77 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -72,7 +72,7 @@ function confirmation(){ # For sure ask to erase. if [ "${ERASEALL}" -ne 0 ] ; then - echo "Are you sure you want to erase entire ${DEV}? [Y/N]" + echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]" read -r YESNO if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then cat <<-HEREDOC @@ -86,7 +86,7 @@ function confirmation(){ # For sure ask to overwrite. if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - echo "Are you sure you want to overwrite ${LVROOTNAME} in ${VGNAME}? [Y/N]" + echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]" read -r YESNO if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then cat <<-HEREDOC From 70ae04d1e143e9f58159992cb22f51ad5b8480da Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 15:33:36 +0900 Subject: [PATCH 04/97] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c80ecd..1eb39aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ Record of the modification in project development. ### Added ### Changed +- [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) + ### Deprecated ### Removed ### Fixed From 717fe7687a107579ab0b35999acb8c0dbd523974 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 15:50:36 +0900 Subject: [PATCH 05/97] Removed sed dependency Issue #6 Remove loglevel dependency from the void-kaiten-yaki.sh --- script/void-kaiten-yaki.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index d2c1332..6dd8da4 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -50,14 +50,14 @@ function main() { else # Not yet. Let's add. echo "...Modify /etc/default/grub." - sed -i "s#loglevel=4#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#" /etc/default/grub - + sed -i -e "/GRUB_CMDLINE_LINUX_DEFAULT/{s#\"# ${GRUB_ADDITIONAL_PARAMETERS}\"#2}" /etc/default/grub fi # Common part of the pre-install stage if ! pre_install ; then + # If error, restore the modification. echo "...restoring modified /etc/default/grub." - sed -i "s#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#loglevel=4#" /etc/default/grub + sed -i -e "s#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#loglevel=4#" /etc/default/grub return 1 # with error status fi From 2554ed823a42d532e6be8bbc24dc963d74e2e8ab Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 16:19:47 +0900 Subject: [PATCH 06/97] Update changelog. --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eb39aa..b654921 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,11 +6,12 @@ Record of the modification in project development. ### Added ### Changed - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) +- [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) ### Deprecated ### Removed ### Fixed -### Security + ### Known Issue ## [1.0.0] - 2021-07-03 From fb47c71a02cc48f507e2055789d390d604889e21 Mon Sep 17 00:00:00 2001 
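Review bot: `${GRUB_ADDITIONAL_PARAMETERS}` is spliced verbatim into the sed script on the new `sed -i -e "/GRUB_CMDLINE_LINUX_DEFAULT/{s#\"# ${GRUB_ADDITIONAL_PARAMETERS}\"#2}"` line, so a value containing `#`, `&` or a backslash changes the meaning of the expression instead of being appended as text; the restore line in this hunk and the `s#${GRUB_ADDITIONAL_PARAMETERS}##` restore introduced in patch 10 have the same exposure, and on the regex side the usual metacharacters (`.`, `*`, `[`) need escaping too. Escaping once before use, e.g. `esc=$(printf '%s' "${GRUB_ADDITIONAL_PARAMETERS}" | sed -e 's/[#&\\]/\\&/g')` and substituting `${esc}` on the replacement side, keeps the parameters literal. The `s#...#2` form also assumes the line carries exactly two double quotes; a single-quoted or unquoted `GRUB_CMDLINE_LINUX_DEFAULT=` is left unmodified with exit status 0, so the script cannot tell that nothing was added. main() continues outside the hunk.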
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 16:28:19 +0900 Subject: [PATCH 07/97] Cancelation message corrected. Wrong message after cancallation Issue : #8 --- script/lib.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/script/lib.sh b/script/lib.sh index d68bf77..0d03ad7 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -294,13 +294,15 @@ function deactivate_and_close(){ # ******************************************************************************* function on_unexpected_installer_quit(){ echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" - if [ "${OVERWRITEINSTALL}" -eq 0 ] ; then # If not over install, volume is new. So delete it + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume + echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." + else # if not overwrite istall, delete the new volume echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" fi # Deactivate all lg and close the LUKS volume deactivate_and_close - echo "...The new logical volume has been deleted. You can retry Kaiten-yaki again." + echo "...You can retry Kaiten-yaki again." } From 989ca530ceaefa75f391e626038d173b9d249f8d Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 16:35:05 +0900 Subject: [PATCH 08/97] Changelog updated --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b654921..557e539 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ Record of the modification in project development. ### Deprecated ### Removed ### Fixed +- [Issue 8 : Wrong message after cancellation ](https://github.com/suikan4github/kaiten-yaki/8) ### Known Issue From 6810e4414a1e0ba1804e7e41e6eed720af10843d Mon Sep 17 00:00:00 2001 
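Review bot: The `lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}"` in the else branch has its exit status ignored, yet the function ends with the unconditional `...You can retry Kaiten-yaki again.`; if the installer that just died left the volume mounted or busy, removal fails, the stale LV stays behind and the next run's "already exists" check in pre_install will refuse to proceed. Reporting the failure, `lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" || echo "...WARNING : could not remove ${VGNAME}-${LVROOTNAME}; remove it manually before retrying." >&2`, keeps the closing message honest. The new `-ne 0` branch also inherits the non-integer issue raised on the confirmation hunk of patch 01: a non-numeric OVERWRITEINSTALL makes the test false and lands in the destructive branch.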
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 21:41:49 +0900 Subject: [PATCH 09/97] Added error handling Add the return status validation Issue #7 --- script/lib.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/script/lib.sh b/script/lib.sh index 0d03ad7..895f331 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -138,16 +138,20 @@ function pre_install() { # Zap existing partition table and create new GPT echo "...Initializing \"${DEV}\" with GPT." sgdisk --zap-all "${DEV}" + if is_error ; then return 1 ; fi; # If error, terminate # Create EFI partition and format it echo "...Creating an EFI partition on \"${DEV}\"." # shellcheck disable=SC2140 sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System" --typecode="${EFIPARTITION}":ef00 "${DEV}" + if is_error ; then return 1 ; fi; # If error, terminate echo "...Formatting the EFI parttion." mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}" + if is_error ; then return 1 ; fi; # If error, terminate # Create Linux partition echo "...Creating a Linux partition on ${DEV}." # shellcheck disable=SC2140 sgdisk --new="${CRYPTPARTITION}":0:0 --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}" + if is_error ; then return 1 ; fi; # If error, terminate # Then print them sgdisk --print "${DEV}" else # BIOS @@ -159,6 +163,7 @@ function pre_install() { sfdisk "${DEV}" <<- HEREDOC 2M,,L HEREDOC + if is_error ; then return 1 ; fi; # If error, terminate fi # if EFI firmware # Encrypt the partition to install Linux 
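Review bot: `is_error` inspects `$?` at function entry, so each new `if is_error ; then return 1 ; fi;` only reports the status of the statement immediately before it; an `echo` or any other line later inserted between `sgdisk --zap-all "${DEV}"` (or `mkfs.vfat`, or the `sfdisk` here-document in the second hunk, or `dd` in patch 10) and its check silently masks the failure, and the inverted convention (return 0 meaning "there was an error") makes the call sites read backwards. Binding the check to the command syntactically, `sgdisk --zap-all "${DEV}" || { is_error; return 1; }`, removes the dependence on statement order; alternatively let `is_error` take the status as `$1`, `is_error "$?"`, and test `[ "${1:-$?}" -eq 0 ]` in its body. The definition of `is_error` is added at the end of this patch and would benefit from a header comment stating that it returns 0 when the previous command failed. pre_install() starts and ends outside the hunk.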
@@ -194,8 +199,10 @@ function pre_install() { else echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\"" pvcreate /dev/mapper/"${CRYPTPARTNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; echo "...And then creating Volume group \"${VGNAME}\"." vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi # if /dev/volume-groupt exist # Create a SWAP Logical Volume on VG, if it doesn't exist @@ -204,6 +211,7 @@ function pre_install() { else echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi # if /dev/mapper/swap volume already exit. # Create a ROOT Logical Volume on VG. @@ -331,4 +339,21 @@ function distribution_check(){ # no error return 0 +} + + +# ******************************************************************************* +# Error report and return revsers status. +# ******************************************************************************* +function is_error() { + if [ $? -eq 0 ] ; then # Is previous job OK? + return 1 # If OK, return error ( because it was not error ) + else + cat <<- HEREDOC + **** ERROR ! **** + + Installation process terminated. + HEREDOC + return 0 # If error, return OK ( because it was error ) + fi; } \ No newline at end of file From 95d8c6f62cfc1281194364647975af2f068ba15f Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 21:54:29 +0900 Subject: [PATCH 10/97] Add and adjust erro rhanding. Add error handling afer dd. Error message of pre-install is now conditional. --- script/lib.sh | 1 + script/void-kaiten-yaki.sh | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/script/lib.sh b/script/lib.sh index 895f331..c9c207e 100644 --- a/script/lib.sh +++ b/script/lib.sh 
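Review bot: The new `if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;` after `pvcreate` and `vgcreate` (and after `lvcreate` in the next hunk and in the root-volume hunk of patch 11) aborts without saying which command failed; the user only sees the generic `...Installation process terminated..` printed by deactivate_and_close, while the sgdisk paths in the same patch go through is_error and print `**** ERROR ! ****`. A one-line diagnostic before closing the volume, e.g. `pvcreate /dev/mapper/"${CRYPTPARTNAME}" || { echo "***** ERROR : pvcreate failed on ${CRYPTPARTNAME} *****" >&2; deactivate_and_close; return 1; }`, makes the two error styles consistent and also stops depending on `$?` surviving until the next statement. pre_install() starts and ends outside the hunk.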
@@ -158,6 +158,7 @@ function pre_install() { # Zap existing partition table echo "...Erasing partition table of \"${DEV}\"." dd if=/dev/zero of="${DEV}" bs=512 count=1 + if is_error ; then return 1 ; fi; # If error, terminate # Create MBR and allocate max storage for Linux partition echo "...Creating a Linux partition on ${DEV} with MBR." sfdisk "${DEV}" <<- HEREDOC diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index 6dd8da4..87cfcd4 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -56,8 +56,8 @@ function main() { # Common part of the pre-install stage if ! pre_install ; then # If error, restore the modification. - echo "...restoring modified /etc/default/grub." - sed -i -e "s#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#loglevel=4#" /etc/default/grub + echo "...restoring /etc/default/grub, if needed" + sed -i -e "s#${GRUB_ADDITIONAL_PARAMETERS}##" /etc/default/grub return 1 # with error status fi From e3e35995611120680650e998c8bba16e88ba77d3 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 22:00:55 +0900 Subject: [PATCH 11/97] Add error handling on lvcreate root --- script/lib.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/script/lib.sh b/script/lib.sh index c9c207e..82b0ffc 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -240,6 +240,7 @@ function pre_install() { else # not exist and not overwrite install echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi fi From 98ad669b1338ea6c827489c2f7e39f9577270604 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 4 Jul 2021 22:09:22 +0900 Subject: [PATCH 12/97] Update changelog Add the return status validation Issue #7 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) 
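Review bot: The restore line `sed -i -e "s#${GRUB_ADDITIONAL_PARAMETERS}##" /etc/default/grub` becomes `s###` when the variable is empty, which GNU sed rejects as "no previous regular expression", so the rollback path itself fails in exactly the case where nothing needs undoing; when the variable is set it is interpreted as a regular expression, so `.`, `*`, `[` or `#` in the kernel parameters can match the wrong text or break the expression (the same concern was raised on the forward edit in patch 05). Guarding with `[ -n "${GRUB_ADDITIONAL_PARAMETERS}" ] &&` and escaping the value before use would make the rollback reliable. Because the forward edit inserts ` ${GRUB_ADDITIONAL_PARAMETERS}` with a leading space, this restore also leaves a trailing space inside the quotes; harmless, but a sign that the two edits are not exact inverses. main() continues outside the hunk.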
diff --git a/CHANGELOG.md b/CHANGELOG.md index 557e539..ec8b588 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Record of the modification in project development. ### Changed - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) +- [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) ### Deprecated ### Removed From 3ce805c5cabfba3f09780d4f74ad721b41ba7cad Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 07:41:34 +0900 Subject: [PATCH 13/97] Make chroot'ed job independent script file Issue #11 --- script/lib/common.sh | 408 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 408 insertions(+) create mode 100644 script/lib/common.sh diff --git a/script/lib/common.sh b/script/lib/common.sh new file mode 100644 index 0000000..cff0f92 --- /dev/null +++ b/script/lib/common.sh 
@@ -0,0 +1,408 @@ +#!/bin/bash -u +# ******************************************************************************* +# Confirmation and Passphrase setting +# ******************************************************************************* + +function confirmation(){ + + # Consistency check for the OVERWRITEINSTALL and ERASEALL + if [ "${ERASEALL}" -ne 0 ] && [ "${OVERWRITEINSTALL}" -ne 0 ] ; then + cat <<- HEREDOC + ***** ERROR : Confliction between ERASEALL and OVERWRITEINSTALL ***** + ...ERASEALL = ${ERASEALL} + ...OVERWRITEINSTALL = ${OVERWRITEINSTALL} + ...Check configuration in your config.sh + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi + + # Sanity check for volume group name + if echo "${VGNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume group name. + cat <<- HEREDOC + ***** ERROR : VGNAME is "${VGNAME}" ***** + ..."-" is not allowed in the volume name. + ...Check configuration in your config.sh + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # "-" is found in the volume group name. + + # Sanity check for root volume name + if echo "${LVROOTNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. + cat <<- HEREDOC + ***** ERROR : LVROOTNAME is "${LVROOTNAME}" ***** + ..."-" is not allowed in the volume name. + ...Check configuration in your config.sh + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # "-" is found in the volume name. + + # Sanity check for swap volume name + if echo "${LVSWAPNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. + cat <<- HEREDOC + ***** ERROR : LVSWAPNAME is "${LVSWAPNAME}" ***** + ..."-" is not allowed in the volume name. + ...Check configuration in your config.sh + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # "-" is found in the volume name. 
+ + # For surre ask the your config.sh is edited + cat <<- HEREDOC + + The destination logical volume label is "${LVROOTNAME}" + "${LVROOTNAME}" uses ${LVROOTSIZE} of the LVM volume group. + Are you sure to install? [Y/N] + HEREDOC + read -r YESNO + if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then + cat <<- HEREDOC + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # if YES + + # For sure ask to erase. + if [ "${ERASEALL}" -ne 0 ] ; then + echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]" + read -r YESNO + if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then + cat <<-HEREDOC + ...Check your config.sh. The variable ERASEALL is ${ERASEALL}. + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # if YES + fi # if erase all + + # For sure ask to overwrite. + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then + echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]" + read -r YESNO + if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then + cat <<-HEREDOC + ...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}. + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # if YES + fi # if overwrite + + # ----- Set Passphrase ----- + # Input passphrase + echo "" + echo "Type passphrase for the disk encryption." + read -sr PASSPHRASE + export PASSPHRASE + + echo "Type passphrase again, to confirm." + read -sr PASSPHRASE_C + + # Validate whether both are indentical or not + if [ "${PASSPHRASE}" != "${PASSPHRASE_C}" ] ; then + cat <<-HEREDOC + ***** ERROR : Passphrase doesn't match ***** + + ...Installation process terminated.. 
+ HEREDOC + return 1 # with error status + fi # passphrase validation + + # succesfull return + return 0 +} + + +# ******************************************************************************* +# Common Pre-install stage +# ******************************************************************************* + +function pre_install() { + + + # ----- Erase entire disk, create partitions, format them and encrypt the LUKS partition ----- + if [ "${ERASEALL}" -ne 0 ] ; then + + # Assign specified space and rest of disk to the EFI and LUKS partition, respectively. + if [ "${ISEFI}" -ne 0 ] ; then # EFI + # Zap existing partition table and create new GPT + echo "...Initializing \"${DEV}\" with GPT." + sgdisk --zap-all "${DEV}" + if is_error ; then return 1 ; fi; # If error, terminate + # Create EFI partition and format it + echo "...Creating an EFI partition on \"${DEV}\"." + # shellcheck disable=SC2140 + sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System" --typecode="${EFIPARTITION}":ef00 "${DEV}" + if is_error ; then return 1 ; fi; # If error, terminate + echo "...Formatting the EFI parttion." + mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}" + if is_error ; then return 1 ; fi; # If error, terminate + # Create Linux partition + echo "...Creating a Linux partition on ${DEV}." + # shellcheck disable=SC2140 + sgdisk --new="${CRYPTPARTITION}":0:0 --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}" + if is_error ; then return 1 ; fi; # If error, terminate + # Then print them + sgdisk --print "${DEV}" + else # BIOS + # Zap existing partition table + echo "...Erasing partition table of \"${DEV}\"." + dd if=/dev/zero of="${DEV}" bs=512 count=1 + if is_error ; then return 1 ; fi; # If error, terminate + # Create MBR and allocate max storage for Linux partition + echo "...Creating a Linux partition on ${DEV} with MBR." 
+ sfdisk "${DEV}" <<- HEREDOC + 2M,,L + HEREDOC + if is_error ; then return 1 ; fi; # If error, terminate + fi # if EFI firmware + + # Encrypt the partition to install Linux + echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition" + printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" + + fi # if erase all + + # ----- Open the LUKS partition ----- + # Open the crypt partition. + echo "...Opening a crypt partition \"${DEV}${CRYPTPARTITION}\" as \"${CRYPTPARTNAME}\"" + printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" "${CRYPTPARTNAME}" + + # Check whether successful open. If mapped, it is successful. + if [ ! -e /dev/mapper/"${CRYPTPARTNAME}" ] ; then + cat <<- HEREDOC + ***** ERROR : Cannot open LUKS volume "${CRYPTPARTNAME}" on "${DEV}${CRYPTPARTITION}". ***** + ...Check passphrase and your config.txt + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # if crypt volume is unable to open + + # ----- Configure the LVM in LUKS volume ----- + # Check volume group ${VGNAME} exist or not + if vgdisplay -s "${VGNAME}" &> /dev/null ; then # if exist + echo "...Volume group \"${VGNAME}\" already exist. Skipped to create. No problem." + echo "...Activating all logical volumes in volume group \"${VGNAME}\"." + vgchange -ay + echo "...Scanning all logical volumes." + lvscan + else + echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\"" + pvcreate /dev/mapper/"${CRYPTPARTNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + echo "...And then creating Volume group \"${VGNAME}\"." + vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + fi # if /dev/volume-groupt exist + + # Create a SWAP Logical Volume on VG, if it doesn't exist + if [ -e /dev/mapper/"${VGNAME}"-"${LVSWAPNAME}" ] ; then + echo "...Swap volume already exist. Skipped to create. No problem." 
+ else + echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." + lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + fi # if /dev/mapper/swap volume already exit. + + # Create a ROOT Logical Volume on VG. + if [ -e /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ] ; then # exist + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # exist and overwrite install + echo "...Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK." + else # exist and not overwriteinstall + cat <<- HEREDOC + ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. ***** + ...Check LVROOTNAME environment variable in your config.txt. + HEREDOC + # Deactivate all lg and close the LUKS volume + deactivate_and_close + return 1 # with error status + fi + else # not exsit + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then + cat <<- HEREDOC + ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" doesn't exist while overwrite install. ***** + ...Check consistency of your config.txt. + HEREDOC + # Deactivate all lg and close the LUKS volume + deactivate_and_close + return 1 # with error status + else # not exist and not overwrite install + echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." + lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + fi + fi + + + # successful return + return 0 +} + + +# ******************************************************************************* +# Common message in para-install stage +# ******************************************************************************* + +function para_install_msg() { + + cat <<- HEREDOC + ****************************************************************************** + The pre-install process is done. We are ready to install the Linux to the + target storage device. By pressing return key, GUI/TUI installer starts. 
+ + Please pay attention to the partition/logical volume mapping configuration. + In this installation, you have to map the previously created partitions/logical + volumes to the appropriate directories of the target system as followings : + + HEREDOC + + # In the EFI system, add this mapping + if [ "${ISEFI}" -ne 0 ] ; then + echo "/boot/efi : ${DEV}${EFIPARTITION}" + fi + + # Root volume mapping + echo "/ : /dev/mapper/${VGNAME}-${LVROOTNAME}" + + # In case of erased storage, add this mapping + if [ "${ERASEALL}" -ne 0 ] ; then + echo "swap : /dev/mapper/${VGNAME}-${LVSWAPNAME}" + fi + + return 0 +} + + +# ******************************************************************************* +# Common post-install stage +# ******************************************************************************* +# In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB +function post_install_local() { + ## Mount the target file system + # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer + echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." + mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" + + # And mount other directories + echo "...Mounting all other dirs." + for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done + + # Copy all scripts to the target /tmp + echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." + mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" + cp -R ./*.sh "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" + + # Change root and create the keyfile and ramfs image for Linux kernel. + # The here document is script executed under chroot. And here we call + # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh". + echo "...Chroot to ${TARGETMOUNTPOINT}." 
+ # shellcheck disable=SC2086 + cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash + cd /tmp/kaiten-yaki + # Execute copied script + source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" + HEREDOC + + # Unmount all + echo "...Unmounting all." + umount -R "${TARGETMOUNTPOINT}" + + # Finishing message + cat <<- HEREDOC + ****************** Post-install process finished ****************** + + ...Ready to reboot. + HEREDOC + + return 0 + +} # End of post_install_local() + + +# ******************************************************************************* +# Deactivate all LV in the VG and close LUKS volume +# ******************************************************************************* + +function deactivate_and_close(){ + echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." + vgchange -a n "${VGNAME}" + echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." + cryptsetup close "${CRYPTPARTNAME}" + cat <<- HEREDOC + + ...Installation process terminated.. + HEREDOC + +} + +# ******************************************************************************* +# Delete the nwe volume if overwrite install, and close all +# ******************************************************************************* +function on_unexpected_installer_quit(){ + echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume + echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." + else # if not overwrite istall, delete the new volume + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + fi + # Deactivate all lg and close the LUKS volume + deactivate_and_close + echo "...You can retry Kaiten-yaki again." 
+} + + +# ******************************************************************************* +# Check whether given signaure is in the system information +# ******************************************************************************* +function distribution_check(){ + if ! uname -a | grep "${DISTRIBUTIONSIGNATURE}" -i > /dev/null ; then # Signature is not found in the OS name. + echo "*******************************************************************************" + uname -a + cat <<- HEREDOC + ******************************************************************************* + This system seems to be not $DISTRIBUTIONNAME, while this script is dediated to the $DISTRIBUTIONNAME. + Are you sure you want to run this script? [Y/N] + HEREDOC + read -r YESNO + if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then + cat <<- HEREDOC + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # if YES + + fi # Distribution check + + # no error + return 0 +} + + +# ******************************************************************************* +# Error report and return revsers status. +# ******************************************************************************* +function is_error() { + if [ $? -eq 0 ] ; then # Is previous job OK? + return 1 # If OK, return error ( because it was not error ) + else + cat <<- HEREDOC + **** ERROR ! **** + + Installation process terminated. + HEREDOC + return 0 # If error, return OK ( because it was error ) + fi; +} \ No newline at end of file From 7b91fbd9f4bf38bf2dadc54bd23ad8b4e922bb9c Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 07:41:56 +0900 Subject: [PATCH 14/97] Additional changes --- script/lib.sh | 361 ------------------------------ script/lib/chrooted_job_ubuntu.sh | 44 ++++ script/lib/chrooted_job_void.sh | 45 ++++ script/ubuntu-kaiten-yaki.sh | 72 +----- script/void-kaiten-yaki.sh | 71 +----- 5 files changed, 96 insertions(+), 497 deletions(-) delete mode 100644 script/lib.sh create mode 100644 script/lib/chrooted_job_ubuntu.sh create mode 100644 script/lib/chrooted_job_void.sh diff --git a/script/lib.sh b/script/lib.sh deleted file mode 100644 index 82b0ffc..0000000 --- a/script/lib.sh +++ /dev/null 
@@ -1,361 +0,0 @@ -#!/bin/bash -u -# ******************************************************************************* -# Confirmation and Passphrase setting -# ******************************************************************************* - -function confirmation(){ - - # Consistency check for the OVERWRITEINSTALL and ERASEALL - if [ "${ERASEALL}" -ne 0 ] && [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - cat <<- HEREDOC - ***** ERROR : Confliction between ERASEALL and OVERWRITEINSTALL ***** - ...ERASEALL = ${ERASEALL} - ...OVERWRITEINSTALL = ${OVERWRITEINSTALL} - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi - - # Sanity check for volume group name - if echo "${VGNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume group name. - cat <<- HEREDOC - ***** ERROR : VGNAME is "${VGNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # "-" is found in the volume group name. - - # Sanity check for root volume name - if echo "${LVROOTNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. - cat <<- HEREDOC - ***** ERROR : LVROOTNAME is "${LVROOTNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # "-" is found in the volume name. - - # Sanity check for swap volume name - if echo "${LVSWAPNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. - cat <<- HEREDOC - ***** ERROR : LVSWAPNAME is "${LVSWAPNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # "-" is found in the volume name. 
- - # For surre ask the your config.sh is edited - cat <<- HEREDOC - - The destination logical volume label is "${LVROOTNAME}" - "${LVROOTNAME}" uses ${LVROOTSIZE} of the LVM volume group. - Are you sure to install? [Y/N] - HEREDOC - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - - # For sure ask to erase. - if [ "${ERASEALL}" -ne 0 ] ; then - echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]" - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<-HEREDOC - ...Check your config.sh. The variable ERASEALL is ${ERASEALL}. - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - fi # if erase all - - # For sure ask to overwrite. - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]" - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<-HEREDOC - ...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}. - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - fi # if overwrite - - # ----- Set Passphrase ----- - # Input passphrase - echo "" - echo "Type passphrase for the disk encryption." - read -sr PASSPHRASE - export PASSPHRASE - - echo "Type passphrase again, to confirm." - read -sr PASSPHRASE_C - - # Validate whether both are indentical or not - if [ "${PASSPHRASE}" != "${PASSPHRASE_C}" ] ; then - cat <<-HEREDOC - ***** ERROR : Passphrase doesn't match ***** - - ...Installation process terminated.. 
- HEREDOC - return 1 # with error status - fi # passphrase validation - - # succesfull return - return 0 -} - - -# ******************************************************************************* -# Pre-install stage -# ******************************************************************************* - -function pre_install() { - - - # ----- Erase entire disk, create partitions, format them and encrypt the LUKS partition ----- - if [ "${ERASEALL}" -ne 0 ] ; then - - # Assign specified space and rest of disk to the EFI and LUKS partition, respectively. - if [ "${ISEFI}" -ne 0 ] ; then # EFI - # Zap existing partition table and create new GPT - echo "...Initializing \"${DEV}\" with GPT." - sgdisk --zap-all "${DEV}" - if is_error ; then return 1 ; fi; # If error, terminate - # Create EFI partition and format it - echo "...Creating an EFI partition on \"${DEV}\"." - # shellcheck disable=SC2140 - sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System" --typecode="${EFIPARTITION}":ef00 "${DEV}" - if is_error ; then return 1 ; fi; # If error, terminate - echo "...Formatting the EFI parttion." - mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}" - if is_error ; then return 1 ; fi; # If error, terminate - # Create Linux partition - echo "...Creating a Linux partition on ${DEV}." - # shellcheck disable=SC2140 - sgdisk --new="${CRYPTPARTITION}":0:0 --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}" - if is_error ; then return 1 ; fi; # If error, terminate - # Then print them - sgdisk --print "${DEV}" - else # BIOS - # Zap existing partition table - echo "...Erasing partition table of \"${DEV}\"." - dd if=/dev/zero of="${DEV}" bs=512 count=1 - if is_error ; then return 1 ; fi; # If error, terminate - # Create MBR and allocate max storage for Linux partition - echo "...Creating a Linux partition on ${DEV} with MBR." 
- sfdisk "${DEV}" <<- HEREDOC - 2M,,L - HEREDOC - if is_error ; then return 1 ; fi; # If error, terminate - fi # if EFI firmware - - # Encrypt the partition to install Linux - echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition" - printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" - - fi # if erase all - - # ----- Open the LUKS partition ----- - # Open the crypt partition. - echo "...Opening a crypt partition \"${DEV}${CRYPTPARTITION}\" as \"${CRYPTPARTNAME}\"" - printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" "${CRYPTPARTNAME}" - - # Check whether successful open. If mapped, it is successful. - if [ ! -e /dev/mapper/"${CRYPTPARTNAME}" ] ; then - cat <<- HEREDOC - ***** ERROR : Cannot open LUKS volume "${CRYPTPARTNAME}" on "${DEV}${CRYPTPARTITION}". ***** - ...Check passphrase and your config.txt - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if crypt volume is unable to open - - # ----- Configure the LVM in LUKS volume ----- - # Check volume group ${VGNAME} exist or not - if vgdisplay -s "${VGNAME}" &> /dev/null ; then # if exist - echo "...Volume group \"${VGNAME}\" already exist. Skipped to create. No problem." - echo "...Activating all logical volumes in volume group \"${VGNAME}\"." - vgchange -ay - echo "...Scanning all logical volumes." - lvscan - else - echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\"" - pvcreate /dev/mapper/"${CRYPTPARTNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - echo "...And then creating Volume group \"${VGNAME}\"." - vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - fi # if /dev/volume-groupt exist - - # Create a SWAP Logical Volume on VG, if it doesn't exist - if [ -e /dev/mapper/"${VGNAME}"-"${LVSWAPNAME}" ] ; then - echo "...Swap volume already exist. Skipped to create. No problem." 
- else - echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." - lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - fi # if /dev/mapper/swap volume already exit. - - # Create a ROOT Logical Volume on VG. - if [ -e /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ] ; then # exist - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # exist and overwrite install - echo "...Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK." - else # exist and not overwriteinstall - cat <<- HEREDOC - ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. ***** - ...Check LVROOTNAME environment variable in your config.txt. - HEREDOC - # Deactivate all lg and close the LUKS volume - deactivate_and_close - return 1 # with error status - fi - else # not exsit - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - cat <<- HEREDOC - ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" doesn't exist while overwrite install. ***** - ...Check consistency of your config.txt. - HEREDOC - # Deactivate all lg and close the LUKS volume - deactivate_and_close - return 1 # with error status - else # not exist and not overwrite install - echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." - lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" - if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - fi - fi - - - # successful return - return 0 -} - - -# ******************************************************************************* -# Common message in para-install stage -# ******************************************************************************* - -function para_install_msg() { - - cat <<- HEREDOC - ****************************************************************************** - The pre-install process is done. We are ready to install the Linux to the - target storage device. By pressing return key, GUI/TUI installer starts. 
- - Please pay attention to the partition/logical volume mapping configuration. - In this installation, you have to map the previously created partitions/logical - volumes to the appropriate directories of the target system as followings : - - HEREDOC - - # In the EFI system, add this mapping - if [ "${ISEFI}" -ne 0 ] ; then - echo "/boot/efi : ${DEV}${EFIPARTITION}" - fi - - # Root volume mapping - echo "/ : /dev/mapper/${VGNAME}-${LVROOTNAME}" - - # In case of erased storage, add this mapping - if [ "${ERASEALL}" -ne 0 ] ; then - echo "swap : /dev/mapper/${VGNAME}-${LVSWAPNAME}" - fi - - return 0 -} - -# ******************************************************************************* -# Deactivate all LV in the VG and close LUKS volume -# ******************************************************************************* - -function deactivate_and_close(){ - echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." - vgchange -a n "${VGNAME}" - echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." - cryptsetup close "${CRYPTPARTNAME}" - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - -} - -# ******************************************************************************* -# Delete the nwe volume if overwrite install, and close all -# ******************************************************************************* -function on_unexpected_installer_quit(){ - echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume - echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." - else # if not overwrite istall, delete the new volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - fi - # Deactivate all lg and close the LUKS volume - deactivate_and_close - echo "...You can retry Kaiten-yaki again." 
-} - - -# ******************************************************************************* -# Check whether given signaure is in the system information -# ******************************************************************************* -function distribution_check(){ - if ! uname -a | grep "${DISTRIBUTIONSIGNATURE}" -i > /dev/null ; then # Signature is not found in the OS name. - echo "*******************************************************************************" - uname -a - cat <<- HEREDOC - ******************************************************************************* - This system seems to be not $DISTRIBUTIONNAME, while this script is dediated to the $DISTRIBUTIONNAME. - Are you sure you want to run this script? [Y/N] - HEREDOC - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - - fi # Distribution check - - # no error - return 0 -} - - -# ******************************************************************************* -# Error report and return revsers status. -# ******************************************************************************* -function is_error() { - if [ $? -eq 0 ] ; then # Is previous job OK? - return 1 # If OK, return error ( because it was not error ) - else - cat <<- HEREDOC - **** ERROR ! **** - - Installation process terminated. - HEREDOC - return 0 # If error, return OK ( because it was error ) - fi; -} \ No newline at end of file diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh new file mode 100644 index 0000000..ed16912 --- /dev/null +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -0,0 +1,44 @@ +#!/bin/bash + +# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir +# shellcheck disable=SC1091 +source config.sh + +# Create a key file for LUKS and register it as contents of the initramfs image +function chrooted_job() { + # Mount the rest of partitions by target /etc/fstab + mount -a + + # Set up the kernel hook of encryption + echo "...Installing cryptsetup-initramfs package." + apt -qq install -y cryptsetup-initramfs + + # Prepare a key file to embed in to the ramfs. + echo "...Prepairing key file." + mkdir /etc/luks + dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none + chmod u=rx,go-rwx /etc/luks + chmod u=r,go-rwx /etc/luks/boot_os.keyfile + + # Add a key to the key file. Use the passphrase in the environment variable. + echo "...Adding a key to the key file." + printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile + + # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. + echo "...Adding LUKS volume info to /etc/crypttab." + echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab + + # Putting key file into the ramfs initial image + echo "...Registering key file to the ramfs" + echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook + echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf + + # Finally, update the ramfs initial image with the key file. + echo "...Upadting initramfs." + update-initramfs -uk all + + # Leave chroot +} + +# Execute job +chrooted_job diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh new file mode 100644 index 0000000..ee58369 --- /dev/null +++ b/script/lib/chrooted_job_void.sh 
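Review bot: The key file is written by `dd` before the two `chmod` lines tighten it, so for a moment `/etc/luks/boot_os.keyfile` exists with whatever mode the chroot's umask grants (presumably group/other readable); put `umask 077` before `mkdir /etc/luks` so the directory and the key file are private from creation, and use `mkdir -p` so an overwrite-install re-run does not fail on the existing directory. The `$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION})` substitution in the crypttab line is unquoted while the same arguments are quoted on the luksAddKey line; `UUID=$(blkid -s UUID -o value "${DEV}${CRYPTPARTITION}")`. The script has no `set -e`, so a failed `luksAddKey` or `update-initramfs` still leaves the chroot with status 0 and the caller cannot tell the key was never registered; `set -eu` after the shebang, or `|| exit 1` on those two commands, would surface it. All three points apply identically to the chrooted_job_void.sh hunk below.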
@@ -0,0 +1,45 @@ +#!/bin/bash + +# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir +# shellcheck disable=SC1091 +source config.sh + +# Create a key file for LUKS and register it as contents of the initramfs image +function chrooted_job() { + # Mount the rest of partitions by target /etc/fstab + mount -a + + # Set up the kernel hook of encryption + echo "...Installing cryptsetup-initramfs package." + xbps-install -y lvm2 cryptsetup + + # Prepare a key file to embed in to the ramfs. + echo "...Prepairing key file." + mkdir /etc/luks + dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none + chmod u=rx,go-rwx /etc/luks + chmod u=r,go-rwx /etc/luks/boot_os.keyfile + + # Add a key to the key file. Use the passphrase in the environment variable. + echo "...Adding a key to the key file." + printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile + + # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. + echo "...Adding LUKS volume info to /etc/crypttab." + echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab + + # Putting key file into the ramfs initial image + echo "...Registering key file to the ramfs" + echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf + + # Finally, update the ramfs initial image with the key file. + echo "...Upadting initramfs." + xbps-reconfigure -fa + echo "...grub-mkconfig." + grub-mkconfig -o /boot/grub/grub.cfg + + # Leave chroot +} + +# Execute job +chrooted_job diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index a18aa8f..96ace9b 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh 
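Review bot: The progress message `echo "...Installing cryptsetup-initramfs package."` was carried over from the Ubuntu variant and does not match the command under it, `xbps-install -y lvm2 cryptsetup`; `echo "...Installing lvm2 and cryptsetup packages."`. The dracut line `install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab "` embeds the LUKS key file in the initramfs image, but unlike the Ubuntu variant (which appends `UMASK=0077` for initramfs-tools) nothing in this hunk constrains the mode of the generated image; confirm that the resulting `/boot/initramfs-*.img` is not world-readable, otherwise any local user can extract the key, and add a comment recording that check, e.g. `# The key file is inside the initramfs; the image must not be world-readable.`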
@@ -5,14 +5,13 @@ source ./config.sh # Load common functions - source ./lib.sh + source ./lib/common.sh function main() { # This is the mount point of the install target. export TARGETMOUNTPOINT="/target" - # ******************************************************************************* # Confirmation before installation # ******************************************************************************* @@ -54,8 +53,9 @@ function main() { # Post-install stage # ******************************************************************************* - # Distribution dependent finalizing. Embedd encryption key into the ramfs image. - post_install_local + # Distribution dependent finalizing. Embedd encryption key into the ramfs image. + # The script is parameterized by env-variable to fit to the distribution + post_install # Normal end return 0 
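Review bot: The second hunk changes the call to `post_install`, but common.sh still defines the function as `post_install_local` until the separate "Fix the name of funciton" patch further down this page, so this commit does not run on its own; ordering the rename first, or folding it into this commit, keeps the history bisectable. The new comment says the job "is parameterized by env-variable", yet no export of TARGETCHROOTEDJOB is visible in either hunk of this file; if main() does not set it elsewhere, the common post_install has nothing to dispatch on. The comment also keeps the typo from the removed line; `# Distribution dependent finalizing. Embed the encryption key into the ramfs image.` The same two hunks recur in the void-kaiten-yaki.sh section below; main() continues outside both hunks.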
@@ -100,70 +100,6 @@ function para_install_local() { return 0 } -# ******************************************************************************* -# Ubuntu dependent post-installation process -function post_install_local() { - ## Mount the target file system - # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT} - - # And mount other directories - echo "...Mounting all other dirs." - for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - - # Change root and create the keyfile and ramfs image for Linux kernel. - echo "...Chroot to ${TARGETMOUNTPOINT}." - # shellcheck disable=SC2086 - cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash - # Mount the rest of partitions by target /etc/fstab - mount -a - - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - apt -qq install -y cryptsetup-initramfs - - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile - - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook - echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf - - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - update-initramfs -uk all - - # Leave chroot - HEREDOC - - # Unmount all - echo "...Unmounting all." - umount -R ${TARGETMOUNTPOINT} - - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** - - ...Ready to reboot. - HEREDOC - - return 0 - -} # End of post_install_local() # ******************************************************************************* diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index 87cfcd4..5838747 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -5,14 +5,13 @@ source ./config.sh # Load common functions - source ./lib.sh + source ./lib/common.sh function main() { # This is the mount point of the install target. export TARGETMOUNTPOINT="/mnt/target" - # ******************************************************************************* # Confirmation before installation # ******************************************************************************* @@ -76,7 +75,8 @@ function main() { # ******************************************************************************* # Distribution dependent finalizing. Embedd encryption key into the ramfs image. - post_install_local + # The script is parameterized by env-variable to fit to the distribution + post_install # Normal end return 0 
@@ -128,71 +128,6 @@ function para_install_local() { return 0 } -# ******************************************************************************* -# Void Linux dependent post-installation process -function post_install_local() { - ## Mount the target file system - # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ${TARGETMOUNTPOINT} - - # And mount other directories - echo "...Mounting all other dirs." - for n in proc sys dev etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - - # Change root and create the keyfile and ramfs image for Linux kernel. - echo "...Chroot to ${TARGETMOUNTPOINT}." - # shellcheck disable=SC2086 - cat <<- HEREDOC | chroot ${TARGETMOUNTPOINT} /bin/bash - # Mount the rest of partitions by target /etc/fstab - mount -a - - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - xbps-install -y lvm2 cryptsetup - - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile - - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf - - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - xbps-reconfigure -fa - echo "...grub-mkconfig." - grub-mkconfig -o /boot/grub/grub.cfg - - # Leave chroot - HEREDOC - - # Unmount all - echo "...Unmounting all." - umount -R ${TARGETMOUNTPOINT} - - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** - - ...Ready to reboot. - HEREDOC - - return 0 - -} # End of post_install_local() # ******************************************************************************* From d0200d88d80d4f1a2fc093265dc0bfad6c6387af Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:06:15 +0900 Subject: [PATCH 15/97] Fix the name of funciton --- script/lib/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index cff0f92..00ca95e 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -288,7 +288,7 @@ function para_install_msg() { # Common post-install stage # ******************************************************************************* # In side this script, the chrooted job is parameterrized as by evn variable TARGETCHROOTEDJOB -function post_install_local() { +function post_install() { ## Mount the target file system # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." From fd8e8f0af191f2cc21839fcdcedaf78c57fca001 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:22:16 +0900 Subject: [PATCH 16/97] Fix the mistake of the copy pattern Now, even directories are copied --- script/lib/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 00ca95e..11c3fbd 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -301,7 +301,7 @@ function post_install() { # Copy all scripts to the target /tmp echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" - cp -R ./*.sh "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" + cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" # Change root and create the keyfile and ramfs image for Linux kernel. # The here document is script executed under chroot. And here we call From 5930627ee7d546c6cc181295763e934305cc65f5 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 6 Jul 2021 21:22:43 +0900 Subject: [PATCH 17/97] Add explanation moving to script directory --- INSTALL.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 5954a89..bdc6685 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -32,8 +32,11 @@ xbps-install -Su xbps nano ``` The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor. -Then, edit the config.txt. - +And then, go to the kaiten-yaki/script directory. +```bash +cd /the/downloaded/directory/kaiten-yaki/script +``` +Now, ready to configure. ## Configuration parameters This is a very critical part of the installation. The configuration parameters are in the config.sh. Edit these parameters before the installation. From 6a1df4f25b7f178ab8a04af0a079e959470380f3 Mon Sep 17 00:00:00 2001 
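Review bot: Both `mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki"` and the new `cp -r ./* -t …` run unchecked, so a failed copy (or a directory left over from an earlier attempt making mkdir fail) is ignored and the chroot step that follows runs against an incomplete `/tmp/kaiten-yaki`; `mkdir -p "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" || return 1` and `cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" || return 1` make the step fail loudly. The widened pattern now copies everything in the script directory, including config.sh, into the target's `/tmp`, which is world-readable by default; nothing secret is visible in config.sh on this page, but the directory should be removed once the chroot job is done, and whether that happens is not visible because post_install continues outside the hunk. A one-line comment stating the intent would help, e.g. `# lib/ must be copied too: the chrooted job script lives there.`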
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 13:04:39 +0900 Subject: [PATCH 18/97] Update change log. Make chroot'ed job independent script file #11 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec8b588..221ac3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Record of the modification in project development. - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) +- [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11) ### Deprecated ### Removed From f2d4c8fee3941315e31bd5f938bea7cc2835c4c3 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 13:08:55 +0900 Subject: [PATCH 19/97] change ERASEALL=0 as default Issue #12 --- CHANGELOG.md | 1 + script/config.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 221ac3f..4633848 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Record of the modification in project development. - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) - [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11) +- [Issue 12 : change ERASEALL=0 as default ](https://github.com/suikan4github/kaiten-yaki/12) ### Deprecated ### Removed diff --git a/script/config.sh b/script/config.sh index 6f0f32f..70e20ee 100644 --- a/script/config.sh +++ b/script/config.sh 
@@ -8,7 +8,7 @@ export DEV="/dev/sda" # Whether you want to erase all contents of the storage device or not. # 1 : Yes, I want to erase all. # 0 : No, I don't. I want to add to the existing LUKS volume. -export ERASEALL=1 +export ERASEALL=0 # Logical Volume name for your Linux installation. Keep it unique from other distribution. export LVROOTNAME="anko" From ae1a48f8f5e8e05985bf1bf37080e788cae06cef Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 13:33:10 +0900 Subject: [PATCH 20/97] Add ITERTIME parameter Add ITERTIME configuration parameter to config.txt Issue #13 --- script/config.sh | 5 +++++ script/lib/common.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/script/config.sh b/script/config.sh index 70e20ee..6f32dfe 100644 --- a/script/config.sh +++ b/script/config.sh @@ -32,6 +32,11 @@ export LVSWAPNAME="swap" # 1 : Overwrite the existing logical volume as root vlume. 0 : Create new logical volume as root volume. export OVERWRITEINSTALL=0 +# Do not touch this parameter, unless you understand precisely what you are doing. +# This is a paameter value of the --iter-time option for cyrptsetup command. +# If you specify 1000, that means 1000mSec. 0 means compile default. +export ITERTIME=0 + # Void Linux only. Ignored in Ubuntu. # The font size of the void-installer export XTERMFONTSIZE=11 diff --git a/script/lib/common.sh b/script/lib/common.sh index 11c3fbd..43a9bb2 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -169,7 +169,7 @@ function pre_install() { # Encrypt the partition to install Linux echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition" - printf %s "${PASSPHRASE}" | cryptsetup luksFormat --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" + printf %s "${PASSPHRASE}" | cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" fi # if erase all 
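Review bot: The comment introducing ITERTIME tells the user not to touch it but not why it matters: the value is the milliseconds cryptsetup spends on key derivation at `luksFormat`, and lowering it below the default makes every offline guess at the passphrase proportionally cheaper, which is the security trade-off a reader of config.sh needs before changing it. The comment should say that in one line, e.g. `# Smaller values unlock faster but make offline passphrase guessing cheaper. 0 keeps the cryptsetup default.`, and the existing lines carry two typos, "paameter" and "cyrptsetup".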
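Review bot: `--iter-time "${ITERTIME}"` is unconditional, so a user who keeps a config.sh written before this patch has ITERTIME unset: with `-u` in effect (the deleted lib.sh ran under `#!/bin/bash -u`; common.sh's shebang is not visible) the luksFormat line aborts, and without it cryptsetup receives an empty option value; `--iter-time "${ITERTIME:-0}"` keeps older configs working, since 0 is the documented "compile default". The luksFormat pipeline's status is still not checked, unlike the sgdisk steps above it in the same function, so a format failure is only discovered when the `cryptsetup open` later fails with a misleading "check passphrase" message; if common.sh kept the `is_error` helper, `if is_error ; then return 1 ; fi` after the pipeline closes that gap. pre_install continues outside the hunk.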
From 373006dc9023df44f0eb54a293c1ac712db38451 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 14:07:42 +0900 Subject: [PATCH 21/97] Edit changelog. Add ITERTIME configuration parameter to config.txt Issue #13 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4633848..0c09d7c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added +- [Issue 13 : Add ITERTIME configuration parameter to config.txt #13](https://github.com/suikan4github/kaiten-yaki/issues/13) + ### Changed - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5) - [Issue 6 : Remove loglevel dependency from the void-kaiten-yaki.sh ](https://github.com/suikan4github/kaiten-yaki/6) From e2aea91c11656a83b2d10720464175a7d161444c Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 14:10:25 +0900 Subject: [PATCH 22/97] Reformat the comment of config. For the easy modification by nano editor --- script/config.sh | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/script/config.sh b/script/config.sh index 6f32dfe..7e79a78 100644 --- a/script/config.sh +++ b/script/config.sh 
@@ -10,15 +10,18 @@ export DEV="/dev/sda" # 0 : No, I don't. I want to add to the existing LUKS volume. export ERASEALL=0 -# Logical Volume name for your Linux installation. Keep it unique from other distribution. +# Logical Volume name for your Linux installation. +# Keep it unique from other distribution. export LVROOTNAME="anko" # Logical volume size of the Linux installation. -# 30% mean, new logical volume will use 30% of the free space in the LVM volume group. -# For example, assume the free space is 100GB, and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. +# 30% mean, new logical volume will use 30% of the free space +# in the LVM volume group. For example, assume the free space is 100GB, +# and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. export LVROOTSIZE="50%FREE" -# Set the size of EFI partition and swap partition. The unit is Byte. you can use M,G... notation. +# Set the size of EFI partition and swap partition. +# The unit is Byte. You can use M,G... notation. export EFISIZE="200M" export LVSWAPSIZE="8G" @@ -28,11 +31,12 @@ export CRYPTPARTNAME="luks_volume" export VGNAME="vg1" export LVSWAPNAME="swap" -# Do not touch this parameter, unless you understand precisely what you are doing. -# 1 : Overwrite the existing logical volume as root vlume. 0 : Create new logical volume as root volume. +# Do not touch this parameter, unless you understand what you are doing. +# 1 : Overwrite the existing logical volume as root vlume. +# 0 : Create new logical volume as root volume. export OVERWRITEINSTALL=0 -# Do not touch this parameter, unless you understand precisely what you are doing. +# Do not touch this parameter, unless you understand what you are doing. # This is a paameter value of the --iter-time option for cyrptsetup command. # If you specify 1000, that means 1000mSec. 0 means compile default. export ITERTIME=0 From 2a6f8619003e0bc47808500e5a04fbb6346ac676 Mon Sep 17 00:00:00 2001 
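Review bot: The rewrapped OVERWRITEINSTALL comment in the second hunk keeps the typo `vlume`; since this commit exists to make the comments readable, the line should read `# 1 : Overwrite the existing logical volume as root volume.` The ITERTIME block just below it is rewrapped without correcting `paameter` and `cyrptsetup` either.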
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 21:32:01 +0900 Subject: [PATCH 23/97] Change config.sh description Added explanation of ITERTIME parameter. Change ERASEALL default value. Update the config file contents in INSTALL.md Issue #14 --- INSTALL.md | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index bdc6685..4dd8f6e 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -42,7 +42,7 @@ This is a very critical part of the installation. The configuration parameters a Followings are the set of the default settings of the parameters : - Install to **/dev/sda** (DEV). -- Erase the entire disk (ERASEALL). +- Do not erase the entire disk (ERASEALL). - Overwrite install is disabled. - In the case of EFI firmware, 200MB is allocated to the EFI partition (EFISIZE). - Create a logical volume group named "vg1" in the encrypted volume (VGNAME) 
@@ -56,32 +56,41 @@ Followings are the set of the default settings of the parameters : export DEV="/dev/sda" # Whether you want to erase all contents of the storage device or not. -# 1: Yes, I want to erase all. -# 0: No, I don't. I want to add to the existing LUKS volume. -export ERASEALL=1 +# 1 : Yes, I want to erase all. +# 0 : No, I don't. I want to add to the existing LUKS volume. +export ERASEALL=0 -# Logical Volume name for your Linux installation. Keep it unique from other distributions. +# Logical Volume name for your Linux installation. +# Keep it unique from other distribution. export LVROOTNAME="anko" # Logical volume size of the Linux installation. -# 30% means the new logical volume will use 30% of the free space in the LVM volume group. -# For example, assume the free space is 100GB, and LVROOTSIZE is 30%FREE. The script will create a 30GB logical volume. +# 30% mean, new logical volume will use 30% of the free space +# in the LVM volume group. For example, assume the free space is 100GB, +# and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. export LVROOTSIZE="50%FREE" -# Set the size of the EFI partition and swap partition. The unit is Byte. you can use M, G... notation. +# Set the size of EFI partition and swap partition. +# The unit is Byte. You can use M,G... notation. export EFISIZE="200M" export LVSWAPSIZE="8G" # Usually, these names can be left untouched. -# If you change, keep them consistent through all installations in your system. +# If you change, keep them consistent through all instllation in your system. export CRYPTPARTNAME="luks_volume" export VGNAME="vg1" export LVSWAPNAME="swap" -# Do not touch this parameter unless you understand precisely what you are doing. -# 1: Overwrite the existing logical volume as root volume. 0: Create new logical volume as root volume. +# Do not touch this parameter, unless you understand what you are doing. +# 1 : Overwrite the existing logical volume as root vlume. 
+# 0 : Create new logical volume as root volume. export OVERWRITEINSTALL=0 +# Do not touch this parameter, unless you understand what you are doing. +# This is a paameter value of the --iter-time option for cyrptsetup command. +# If you specify 1000, that means 1000mSec. 0 means compile default. +export ITERTIME=0 + # Void Linux only. Ignored in Ubuntu. # The font size of the void-installer export XTERMFONTSIZE=11 @@ -94,7 +103,7 @@ There are several restrictions : - The EFISIZE and the LVSWAPSIZE are refereed during the first distribution installation only. - The LVROOTSIZE is the size of a logical volume to create. This is a relative value to the existing free space in the volume group. If you want to install 3 distributions in a computer, you may want to set 33%FREE, 50%FREE, and 100%FREE for the first, second, and third distribution installation, respectively. - The name with "-" is not allowed for the VGNAME, LVROOTNAME, and LVSWAPNAME. I saw some installer doesn't work if "-" in in the name. -## About the overwrite-install +### About the overwrite-install The OVERWRITEINSTALL parameter allows you to use an existing logical volume as the root volume of the new installation. This is very dangerous because of several aspects like destroying the wrong volume and the risk of security. But sometimes it is very useful. 
@@ -112,6 +121,15 @@ And set the following parameters as same as the previous installation. - CRYPTPARTNAME So, Kaiten-yaki will leave the "bad" logical volume and allow you to overwrite it by GUI/TUI installer. +### About ITERTIME parameter +This parameter is recommended to left as default value (=0), unless you understand what it mean well. + +The ITERTIME parameter is passed as --iter-time parameter to the [cryptosetup command](https://man7.org/linux/man-pages/man8/cryptsetup.8.html), when script setup the LUKS crypto volume. + +The unit of value is milliseconds. The target linux kernel may take this duration, to calculate a hash value from the given passphrase. You can change this duration through this parameter. + +The smaller value gives the weaker security. + ## First stage: Setting up the volumes After you set the configuration parameters correctly, execute the following command from the shell. Again, you have to be promoted as the root user, and you have to use Bash. From 7ec2046e5a9b9e2745e2c083f103e877522b65b5 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 22:41:53 +0900 Subject: [PATCH 24/97] Add ITERTIME parameter to the rooted_job() ITERTIME parameter is not passed to the chrooted_job Issue #15 --- script/lib/chrooted_job_ubuntu.sh | 2 +- script/lib/chrooted_job_void.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh index ed16912..ce85d61 100644 --- a/script/lib/chrooted_job_ubuntu.sh +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -22,7 +22,7 @@ function chrooted_job() { # Add a key to the key file. Use the passphrase in the environment variable. echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile + printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. echo "...Adding LUKS volume info to /etc/crypttab." diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh index ee58369..8482b01 100644 --- a/script/lib/chrooted_job_void.sh +++ b/script/lib/chrooted_job_void.sh @@ -22,7 +22,7 @@ function chrooted_job() { # Add a key to the key file. Use the passphrase in the environment variable. echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile + printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. echo "...Adding LUKS volume info to /etc/crypttab." From 97d3a46b728fcdefbeb0228d2a1bbf5f75303b54 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 7 Jul 2021 22:57:40 +0900 Subject: [PATCH 25/97] Update Changelog. ITERTIME parameter is not passed to the chrooted_job Issue #15 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c09d7c..1337cbf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
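Review bot: Neither hunk checks the exit status of `cryptsetup luksAddKey`, so a failed key add (wrong passphrase, an invalid ITERTIME value, no free key slot) still lets the script go on to register the keyfile in /etc/crypttab and build the initramfs, which likely yields a target that cannot unlock the volume with the keyfile at boot. Unless the enclosing script runs under `set -e -o pipefail`, which is not visible here, the failure is silent. Proposed change, identical for chrooted_job_ubuntu.sh and chrooted_job_void.sh: `printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile || { echo "...luksAddKey failed" >&2; return 1; }`. chrooted_job's body starts before and continues after both hunks.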
@@ -12,11 +12,13 @@ Record of the modification in project development. - [Issue 7 : Add the return status validation ](https://github.com/suikan4github/kaiten-yaki/7) - [Issue 11 : Make chroot'ed job independent script file ](https://github.com/suikan4github/kaiten-yaki/11) - [Issue 12 : change ERASEALL=0 as default ](https://github.com/suikan4github/kaiten-yaki/12) +- [Issue 14 : Change config.sh description ](https://github.com/suikan4github/kaiten-yaki/14) ### Deprecated ### Removed ### Fixed - [Issue 8 : Wrong message after cancellation ](https://github.com/suikan4github/kaiten-yaki/8) +- [Issue 15 : CITERTIME parameter is not passed to the chrooted_job ](https://github.com/suikan4github/kaiten-yaki/15) ### Known Issue From be32e5e387cfdf7fa2c990a137f9e3d3dbd14e96 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 8 Jul 2021 07:47:23 +0900 Subject: [PATCH 26/97] Update comment No program change. --- script/lib/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 43a9bb2..4f732b8 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -298,7 +298,7 @@ function post_install() { echo "...Mounting all other dirs." for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - # Copy all scripts to the target /tmp + # Copy all scripts to the target /tmp to in chroot session. echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" 
@@ -306,7 +306,7 @@ function post_install() { # Change root and create the keyfile and ramfs image for Linux kernel. # The here document is script executed under chroot. And here we call # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh". - echo "...Chroot to ${TARGETMOUNTPOINT}." + echo "...Chroot to ${TARGETMOUNTPOINT}. and execute chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" # shellcheck disable=SC2086 cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash cd /tmp/kaiten-yaki From 40264ce02f6ebbe965990b8dd11ae18ac1451613 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 8 Jul 2021 21:19:16 +0900 Subject: [PATCH 27/97] Refine the comment. --- script/lib/chrooted_job_ubuntu.sh | 14 +++++--- script/lib/chrooted_job_void.sh | 56 +++++++++++++++++-------------- script/lib/common.sh | 7 ++-- 3 files changed, 43 insertions(+), 34 deletions(-) diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh index ce85d61..2d953ca 100644 --- a/script/lib/chrooted_job_ubuntu.sh +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -9,26 +9,30 @@ function chrooted_job() { # Mount the rest of partitions by target /etc/fstab mount -a - # Set up the kernel hook of encryption + # Prepare the crypto tool in the install target echo "...Installing cryptsetup-initramfs package." apt -qq install -y cryptsetup-initramfs - # Prepare a key file to embed in to the ramfs. + # Prepare a new key file to embed in to the ramfs. + # This new file contains a new key to open the LUKS volume. + # The new key is 4096byte length binary value. + # Because this key is sotred as "cleartext", in the target file sysmte, + # only root is allowed to access this key file. echo "...Prepairing key file." mkdir /etc/luks dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none chmod u=rx,go-rwx /etc/luks chmod u=r,go-rwx /etc/luks/boot_os.keyfile - # Add a key to the key file. Use the passphrase in the environment variable. + # Add the new key to the LUKS 2nd key slot. The passphrase is required to modify the LUKS keyslot. echo "...Adding a key to the key file." printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. + # Register the LUKS voluem to /etc/crypttab to tell "This volume is encrypted" echo "...Adding LUKS volume info to /etc/crypttab." echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - # Putting key file into the ramfs initial image + # Add key file to the list of the intems in initfsram. echo "...Registering key file to the ramfs" echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh index 8482b01..2d50a73 100644 --- a/script/lib/chrooted_job_void.sh +++ b/script/lib/chrooted_job_void.sh 
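Review bot: The new comment `Add the new key to the LUKS 2nd key slot` holds only for a freshly formatted volume: luksAddKey takes the first free key slot, and every additional distribution this project installs into the same LUKS partition adds one more keyfile slot. Suggest `# Add the new key to the next free LUKS key slot. The passphrase is required to modify the key slots.` The same comment, together with the spellings `sotred`, `sysmte`, `voluem`, `intems` and `initfsram`, is duplicated in the chrooted_job_void.sh hunk of this commit. chrooted_job's body begins before this hunk.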
@@ -6,39 +6,43 @@ source config.sh # Create a key file for LUKS and register it as contents of the initramfs image function chrooted_job() { - # Mount the rest of partitions by target /etc/fstab - mount -a + # Mount the rest of partitions by target /etc/fstab + mount -a - # Set up the kernel hook of encryption - echo "...Installing cryptsetup-initramfs package." - xbps-install -y lvm2 cryptsetup + # Prepare the crypto tool in the install target + echo "...Installing cryptsetup-initramfs package." + xbps-install -y lvm2 cryptsetup - # Prepare a key file to embed in to the ramfs. - echo "...Prepairing key file." - mkdir /etc/luks - dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none - chmod u=rx,go-rwx /etc/luks - chmod u=r,go-rwx /etc/luks/boot_os.keyfile + # Prepare a new key file to embed in to the ramfs. + # This new file contains a new key to open the LUKS volume. + # The new key is 4096byte length binary value. + # Because this key is sotred as "cleartext", in the target file sysmte, + # only root is allowed to access this key file. + echo "...Prepairing key file." + mkdir /etc/luks + dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none + chmod u=rx,go-rwx /etc/luks + chmod u=r,go-rwx /etc/luks/boot_os.keyfile - # Add a key to the key file. Use the passphrase in the environment variable. - echo "...Adding a key to the key file." - printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile + # Add the new key to the LUKS 2nd key slot. The passphrase is required to modify the LUKS keyslot. + echo "...Adding a key to the key file." + printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile - # Add the LUKS volume information to /etc/crypttab to decrypt by kernel. - echo "...Adding LUKS volume info to /etc/crypttab." 
- echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab + # Register the LUKS voluem to /etc/crypttab to tell "This volume is encrypted" + echo "...Adding LUKS volume info to /etc/crypttab." + echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - # Putting key file into the ramfs initial image - echo "...Registering key file to the ramfs" - echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf + # Add key file to the list of the intems in initfsram. + echo "...Registering key file to the ramfs" + echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf - # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." - xbps-reconfigure -fa - echo "...grub-mkconfig." - grub-mkconfig -o /boot/grub/grub.cfg + # Finally, update the ramfs initial image with the key file. + echo "...Upadting initramfs." + xbps-reconfigure -fa + echo "...grub-mkconfig." + grub-mkconfig -o /boot/grub/grub.cfg - # Leave chroot + # Leave chroot } # Execute job diff --git a/script/lib/common.sh b/script/lib/common.sh index 4f732b8..ec076b5 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -298,14 +298,15 @@ function post_install() { echo "...Mounting all other dirs." for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done - # Copy all scripts to the target /tmp to in chroot session. + # Copy all scripts to the target /tmp for using in chroot session. echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" # Change root and create the keyfile and ramfs image for Linux kernel. - # The here document is script executed under chroot. And here we call - # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh". + # The here-document is script executed under chroot. At here we call + # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh", + # which was copied to /temp at previous code. echo "...Chroot to ${TARGETMOUNTPOINT}. and execute chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" # shellcheck disable=SC2086 cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash From e5417d78a3aa7c596ef4075e1b0574838ae2d828 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 8 Jul 2021 22:35:18 +0900 Subject: [PATCH 28/97] Fix the unmount fails Trial fix. Change the --rbinds to --make-slave. #17 --- script/lib/common.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index ec076b5..b5fd1b4 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
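Review bot: The new comment says the distribution script `was copied to /temp at previous code`, but the code a few lines above copies into `"${TARGETMOUNTPOINT}/tmp/kaiten-yaki"`, so a reader following the comment looks in the wrong directory. Suggest `# which was copied to /tmp/kaiten-yaki inside the target just above.`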
@@ -296,7 +296,9 @@ function post_install() { # And mount other directories echo "...Mounting all other dirs." - for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done + mount --make-slave "${TARGETMOUNTPOINT}" + mount --rbind /etc/resolv.conf "${TARGETMOUNTPOINT}"/resolv.conf +# for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done # Copy all scripts to the target /tmp for using in chroot session. echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." From c9b69412948af77851454653cb6644c1c0de3e1a Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 8 Jul 2021 22:48:19 +0900 Subject: [PATCH 29/97] Revert "Fix the unmount fails" This reverts commit e5417d78a3aa7c596ef4075e1b0574838ae2d828. --- script/lib/common.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index b5fd1b4..ec076b5 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -296,9 +296,7 @@ function post_install() { # And mount other directories echo "...Mounting all other dirs." - mount --make-slave "${TARGETMOUNTPOINT}" - mount --rbind /etc/resolv.conf "${TARGETMOUNTPOINT}"/resolv.conf -# for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done + for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done # Copy all scripts to the target /tmp for using in chroot session. echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." From 2ae4d6cd269840e324150fbb12f00881ad074d44 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 8 Jul 2021 23:09:02 +0900 Subject: [PATCH 30/97] Add -l option ot unmount to surpress the "busy" error --- script/lib/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/script/lib/common.sh b/script/lib/common.sh index ec076b5..ba80dff 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -315,9 +315,9 @@ function post_install() { source "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" HEREDOC - # Unmount all + # Unmount all. -l ( lazy ) option is added to supress the busy error. echo "...Unmounting all." - umount -R "${TARGETMOUNTPOINT}" + umount -R -l "${TARGETMOUNTPOINT}" # Finishing message cat <<- HEREDOC From 20826f2f6903a2263ebcfcab88af068df9e178f3 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 8 Jul 2021 23:10:39 +0900 Subject: [PATCH 31/97] Update changelog Unmount fails #17 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1337cbf..af2b381 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ Record of the modification in project development. ### Fixed - [Issue 8 : Wrong message after cancellation ](https://github.com/suikan4github/kaiten-yaki/8) - [Issue 15 : CITERTIME parameter is not passed to the chrooted_job ](https://github.com/suikan4github/kaiten-yaki/15) +- [Issue 17 : Unmount fails ](https://github.com/suikan4github/kaiten-yaki/17) ### Known Issue From bde36aa1ea3b74933872172b9bc69a03dab3e2fe Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 12:06:52 +0900 Subject: [PATCH 32/97] Refine the display message. No change on the executable code. --- script/lib/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index ba80dff..8fcb0ea 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
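Review bot: `umount -R -l` makes the detach lazy, so the command reports success while the target tree may still be in use, and the "busy" error it suppresses is a symptom rather than a fixed cause: the `mount --rbind` loop earlier in post_install (outside this hunk) binds /proc, /sys, /dev and /tmp into the target, and with default shared propagation those submounts are the likely reason `umount -R` stays busy. A non-lazy attempt first keeps the real failure visible, e.g. `umount -R "${TARGETMOUNTPOINT}" || umount -R -l "${TARGETMOUNTPOINT}"`, and applying `mount --make-rslave` to each bind where it is created would address the cause. The "Ready to reboot" message that follows the hunk then reports on a tree that is actually detached.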
@@ -299,7 +299,7 @@ function post_install() { for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done # Copy all scripts to the target /tmp for using in chroot session. - echo "...Copy files in current dir to ${TARGETMOUNTPOINT}/tmp." + echo "...Copying files in current dir to ${TARGETMOUNTPOINT}/tmp." mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" From badafda222079950475374dd083fd56750e041a9 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 12:31:42 +0900 Subject: [PATCH 33/97] Update the README and INSTALL --- INSTALL.md | 24 ++++++++++++------------ README.md | 16 ++++++++++------ 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 4dd8f6e..e19f912 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -13,19 +13,19 @@ The first stage of the script is preparation like: erasing a disk, format partit In the second stage, the distribution-dependent GUI/TUI installer is invoked from the running script. That is the Ubiquity/void-installer of Ubuntu/Void Linux, respectively. -The third stage is easy. There is nothing the user can do. Everything is automatic. +The third configure the target Linux system to decrypt the encrypted volume automatically, without prompting user to type passphrase. In this stage, Everything is automatic. # Installation Follow the steps below. ## Shell preparation -First of all, promote the shell to root. Almost of the procedure requires root privilege. Note that the scripts require Bash. +First of all, promote the shell to root. Almost of the procedure in the installation requires root privilege. Note that the scripts require Bash. -In the case of Ubuntu : +In the case of Ubuntu installation: ```bash # Promote to the root user sudo -i /bin/bash ``` -In the case of Void-Linux : +In the case of Void Linux installation: ```bash sudo -i /bin/bash xbps-install -Su xbps nano @@ -47,7 +47,7 @@ Followings are the set of the default settings of the parameters : - In the case of EFI firmware, 200MB is allocated to the EFI partition (EFISIZE). - Create a logical volume group named "vg1" in the encrypted volume (VGNAME) - Create a swap logical volume named "swap" in the "vg1". The size is 8GB (LVSWAPNAME,LVSWAPSIZE) -- Create a logical volume named **"anko"** for / in the "vg1". The size of the **50%** of the entire free space (LVROOTNAME, LVROOTSIZE). +- Create a logical volume named **"anko"** as root volume, in the "vg1". The size of the new volume is the **50%** of the free space (LVROOTNAME, LVROOTSIZE). ```bash # Configuration parameters for Kaiten-Yaki 
@@ -97,9 +97,9 @@ export XTERMFONTSIZE=11 ``` There are several restrictions : -- For the first distribution installation, you must set ERASEALL to 1, to erase the entire screen and create a LUKS partition. Kaiten-yaki script creates a maximum LUKS partition as possible. -- The LVROOMNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki terminates in a middle. -- The LVSWAPNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is a waste of storage resources. +- For the first distribution installation, you must set ERASEALL to 1, to erase the entire storage device and create a LUKS partition. Kaiten-yaki script creates a maximum LUKS partition as possible. +- The LVROOTNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki terminates in a middle. +- The LVSWAPNAME must be identical among all installations in a computer. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is a waste of storage resources. - The EFISIZE and the LVSWAPSIZE are refereed during the first distribution installation only. - The LVROOTSIZE is the size of a logical volume to create. This is a relative value to the existing free space in the volume group. If you want to install 3 distributions in a computer, you may want to set 33%FREE, 50%FREE, and 100%FREE for the first, second, and third distribution installation, respectively. - The name with "-" is not allowed for the VGNAME, LVROOTNAME, and LVSWAPNAME. I saw some installer doesn't work if "-" in in the name. 
@@ -108,7 +108,7 @@ The OVERWRITEINSTALL parameter allows you to use an existing logical volume as t This is very dangerous because of several aspects like destroying the wrong volume and the risk of security. But sometimes it is very useful. -For example, assume you are installing a distribution by Kaiten-yaki. If you reboot the system at the end of GUI/TUI installer by mistake, your system will never boot again. +For example, assume you are installing a distribution by Kaiten-yaki. If you reboot the system at the end of GUI/TUI installer by mistake, your system may never boot again. In this case, the overwrite-install can recycle this "bad" logical volume and let your system boot again. To use the overwrite-install, you have to set some parameters as follows: @@ -120,7 +120,7 @@ And set the following parameters as same as the previous installation. - VGNAME - CRYPTPARTNAME -So, Kaiten-yaki will leave the "bad" logical volume and allow you to overwrite it by GUI/TUI installer. +Kaiten-yaki will leave the "bad" logical volume and allow you to overwrite it by GUI/TUI installer. ### About ITERTIME parameter This parameter is recommended to left as default value (=0), unless you understand what it mean well. 
@@ -142,7 +142,7 @@ In the case of Void Linux ```bash source void-kaiten-yaki.sh ``` -After several interactive confirmations, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error. +After several interactive confirmations, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error, except the first distribution installation. ## Second stage : GUI/TUI installer After the first script finishes, the GUI/TUI installer starts automatically. Configure it as usual and run it. Ensure you map the following correctly. @@ -166,7 +166,7 @@ At the end of the GUI/TUI installing, do not reboot the system. Click "Continue" ## Third stage: Finalizing After GUI/TUI installer quits without rebooting, the final part of the install process automatically starts. -In this section, Kaiten-yaki put the encryption key of the LUKS volume into the ramfs initial stage to allow the Linux kernel to decrypt the LUKS partition which contains root logical volume. So, the system will ask you passphrase only once when GRUB starts. +In this section, Kaiten-yaki put the encryption key of the LUKS volume into the ramfs initial stage to allow the Linux kernel to decrypt the LUKS partition which contains root logical volume. Thus, the system will ask you passphrase only once when GRUB starts. You can reboot the system if you see the "Ready to reboot" message on the console. diff --git a/README.md b/README.md index 02f196d..309ba27 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,9 @@ # Kaiten-yaki: Full disk encryption install script for Linux -Kaiten-yaki is a script set to install to your desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. +Kaiten-yaki is a script set to install Linux to your desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. The followings are the list of functionalities: - Ubuntu and Void Linux. -- Install from LiveCD/USB. +- Help to install from LiveCD/USB. - Invoke GUI/TUI installer automatically at the middle of script execution, for the ease of installation. - Automatic detection of BIOS/EFI firmware and create MBR/GPT, respectively. - Create an EFI partition, if needed. @@ -14,7 +14,7 @@ The followings are the list of functionalities: With the configuration parameters, you can customize each installation. For example, you can configure the system to have 2, 3, or 4,... distributions in an HDD/SSD, as you want. -Following is the HDD/SSD partitioning plan of these scripts ( In the case of BIOS, the disk has MBR and doesn't have an EFI partition, while it is depicted here). +Following is the HDD/SSD partitioning plan of these scripts ( In the case of BIOS, the disk has MBR and doesn't have an EFI partition). ![Partition Diagram](image/partition_diagram_0.png) 
@@ -27,21 +27,25 @@ These scripts are tested with the following environment. - VMWare Workstation 15.5.7 ( EFI/BIOS ) - ThinkPad X220 (BIOS) - Ubuntu 20.04.2 amd64 desktop +- Ubuntu 21.04 amd64 desktop - Ubuntu Mate 20.04.2 amd64 desktop - void-live-x86_64-20210218-mate.iso - void-live-x86_64-musl-20210218-mate.iso - void-live-x86_64-20210218.iso # Installation -Start the PC with the LiveCD/LiveUSB of the distribution to install. Download this repository from GitHub, and expand it. +Rough procedure of the installation is as followings : +1. Start the PC with the LiveCD/LiveUSB of the distribution to install +1. Download this repository from GitHub +3. Run the script. -Then, go to the script directory and follow the procedure in the [INSTALL.md](INSTALL.md) +The detail procedure is explained in the [INSTALL.md](INSTALL.md). # Known issues If you install two or more Void Linux into the EFI system, only the last one can boot without trouble. This is not the problem of Kaiten-yaki. # Variants considerations -Ubuntu has several variants ( flavors ). While I have tested only MATE flavor, other flavors may work correctly as far as it uses Ubiquity installer. +Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer. # Acknowledgments These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. From 8ad1362a3bdf16c3a3958279c9487c2bb30f31a3 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 14:05:23 +0900 Subject: [PATCH 34/97] Add an01 Add a document of how to recover from the mistyping of passphrase Issue#21 --- appnote/an01_howtorecover.md | 62 +++++++++++++++++++++++++++++++++++ image/an01_bios.png | Bin 0 -> 5718 bytes image/an01_efi.png | Bin 0 -> 10519 bytes image/an01_normal.png | Bin 0 -> 7280 bytes 4 files changed, 62 insertions(+) create mode 100644 appnote/an01_howtorecover.md create mode 100755 image/an01_bios.png create mode 100755 image/an01_efi.png create mode 100755 image/an01_normal.png diff --git a/appnote/an01_howtorecover.md b/appnote/an01_howtorecover.md new file mode 100644 index 0000000..c715be6 --- /dev/null +++ b/appnote/an01_howtorecover.md
@@ -0,0 +1,62 @@
+# How to recover from the mistyping of the passphrase
+The mistyping of the passphrase is painful, in the full disk encrypted Linux.
+
+In the usual encrypted Ubuntu install by Ubiquity, mistyping os passphrase is warn by the kernel, and prompted to re-type. But in the full encrypted system, the user sees a boring message and command prompt. Usually, the user just gives up and reboot. It adds tens of second to reboot, and discourage the under to use a long passphrase.
+
+![bios](../image/an01_bios.png)
+
+This application note explains how to recover from this condition, quickly.
+
+# BIOS system
+In the BIOS system, the recovery is pretty easy.
+
+In the case of the mistyping passphrase, GRUB goes into rescue mode. In this mode, the user can recover from 3 commands.
+
+```
+cryptomount -a
+insmod normal
+normal
+```
+
+The **cryptomount** command tries to mount the specific encrypted partition to boot. To mount it, the GRUB prompts the user to type the passphrase. The "-a" option specifies all encrypted partitions. If the system is encrypted by Kaiten-yaki, it has only one encrypted partition. So, this is the easiest way.
+
+The **insmod** command loads the specified GRUB command module from the mounted storage and inserts it into the command list. The second line loads the "normal" command which displays the normal menu to the user.
+
+Finally, **normal** command shows the normal boot menu to the user.
+
+Now, the user can select the system to boot as usual.
+
+# EFI system
+In the EFI system, recovery needs extra steps compared to the BIOS system.
+
+Alternatively, GURB is not in the rescue mode but the normal mode, even the passphrase is mistyped. So, the user can use command completion. This is better than the BIOS system.
+
+The first step of the recovery is the same with the BIOS system.
+```
+cryptomount -a
+```
+Again, in the EFI system, the user can use the command completion by pressing the [TAB] key.
+
+The second step is unique in the EFI system. By using **ls** command check the list of volumes existing in the system, and identify which volume contains the grub menu. And then, pick that volume and assign it to the **prefix** variable, with grub path.
+
+Following is the example. The (lvm/vg1-mate) is dependent on the system. It has to be substituted by the appropriate volume name for each system.
+
+```
+ls
+set prefix=(lvm/vg1-mate)/boot/grub
+```
+
+Then, the third step is the same with the BIOS systems.
+
+```
+insmod normal
+normal
+```
+Following is the screenshot of the command sequence to recover the mistyping of the passphrase.
+
+![bios](../image/an01_efi.png)
+
+## Summary
+In the full disk encrypted system, mistyping of the passphrase is more painful than the partially encrypted system. The user can overcome this situation with several steps of commands and can show the normal boot menu.
+
+![bios](../image/an01_normal.png)
diff --git a/image/an01_bios.png b/image/an01_bios.png new file mode 100755 index 0000000000000000000000000000000000000000..034f2e73da997a3690aa576240190a9a07c65bfd GIT binary patch literal 5718 zcmb_gc{E%5zTa(6j#F;yRE1ND9%Ip(hZ@RNQz=R$X3-+%P%}04=uxHU5maNIOG4Bb z#8C4!Mr#%k5>w4F&t7`&yX(ER-oNj=)^A>W|MvcVKi@IN*hu#pGZ!-e0N3;$Ye4|u zay?_7{>x=X|Gk_2fH7S1h3Gy4aD%tMGZsHNYZz((K*f8O)8`<@`s$0vmc9URz5PeK z)a_O5$k_bdPus#z(+Ba~&(+KG4%8Ki0A!?Oq?M%6!dcxovX6xPU>^ zOBdnEbg%q6J;BS0#rNsnn0`feRk`%j!S*zSpi^h&nwhS%6mdh4mz9{ zgvC{osno=ke|9SuW6&0@)lUo{LmfFpsAETJou|fRnQ#v#Dw(PfcQbi!gyTfs!yGou z|5OOmWI)J-j$+n@N&hmRl$xyQ<2375^IM0Le+L=~YnB=)#b!@2(PCQY1n(2>n1)G{ z*01z9a{ScX<8L}L8EDsgK7O#kB3A*W0mX_OR$G_?Uz&owQ|xc={89st`q5ObMcGTU zWOB1z>jWX)<f6-OhD*dZ5Y^g+$Fgxwmhx2eC z{CT#Hf))_coK}cYC)52peV(7_rs@GCuFe57TD5Q>X=`L-fxNgeULq(8)O|ZYP)PGM zMjc6r@(Sd`aD>ztmK|yqnJoSl=}?waUU{^`lK_#PLEiEFbVYBU&2V|lqbA8gaNl@f zH@TWrlQQ4}i^CV{grp@Gm@x>jRk)UE;+0_jvbTsRqdaMHJNm_~OQ9Iu zu$DIQlfeVOOquKgwO>*>zc8KPPcN!E(+@yib(~%Yem$9MB#BOet(?CR_wPmYrmLx8m~ez0=-MX2rkF1Er<%Chjed8L@1QfIyj zO9DS)fF5~&z#zzy!D}@|L?hbOVZ=f)i`@W1K%wDd@12X8KFu0L=il#5%Z4OI?le6w zI7jzvEOe<%os;H9Rfo4#5?WZ@4)0{|#_}nrZmjwgx7B0HQc1ssHI{|l#??sIj|X(U zZ<@+C3OE@3bHj%vp*L^4W&47g;6@UMOEgL3T|09#6Q#RyrG1pw)40hQP=nP8ffd^K z#+luEx)7q2ZFbFJQcN6H^HD}Ry@0K`_qy-_WcrPF+k5~OEGIV#x0UsEgxV!y1|7L~ zu=W@N?RAH(J*)6{sYLea1^4$79+}~L&>=2s>@*I;zb<<6=f~|Fo{qz9uxaZ?aETN5 zdyL17PKM2Z!9HUjibX}bLx=QXnHiAVvYst=zX#i%fiVe%@gKz|c({HjR3|zgMviZ2 zS8?Wg*Z;{TP%rQ!vEN^02_!Gafu^`uyZPOYZXOE?=n&~n<4RZ&={}Om79~IPtk&`# zFGJ%;%o60CnbYbzsztSRy7O~ajrvkQHU?Q2qzPAeSmzFyX``N}$RG=3tf<0@C=>a2 z9hI^yB=NfrW7itKbTyzALrhP0G<{!58nG`F?_QsY54e-sOVw0_f5a zv(3$nGD5n{d9D&~xtZ-#0w0n#a=pMDYmhzI>>z}GVpH3SaELrq#QOc6t znLS00Q?)}AuIp19v42#ZhM5iZ`FnxoG$LGS_9Q1S)#OuX=rwv95=`#R@2(aWaD2Yqxkxl&1A(~dJq4B zQJAU_-=AfYMeS6oV@sKIu?fmeITn_%v5M;%{7V~em&YmM%a8Dq?UC!W`Es_VjLn%W zD5?SS?F|H{MWJlh$KhUg6JLrxl?+n$U)J9}N#3CZX)!TCZr#+PzxxP5i`Vu0>@H`@ z*T3Tr?_L)>-Fka{!*P5balsuSzc+qoOv0wpE#!XImVHOq-X9C?g8qd^3e#q%eG8uI0Qr|7~#7KGwWG 
zq%$c8i_xnQR1|YjMYLkjXqZe=EccNV?~{8%-p_3i)JHeRg-f))^%Os=6r96WYqi%F zY3qoV1e6Lt;f_lz$oX{70*tm4((CP5!(o_Yt5QMOC|T@$TBMI0LW3tHpe(23Y9L3W zI+&KXc6Vd@YF3#U+C!0D!IJLFuz>^07#rg+pMN=PB^2YUDz=hE9t6+YuT|9DoM`)Cz zMPb1;BeP|*D?n&{Nx8=I;`4~wz(m0m3+qt?UQv|xhhw=Q*fqh6-CRf%0A_51%_cT# z6}g&O8$HMay15{20yT@Qho=R>AK3ak*+Hj`;TQ;yr3cG(?9ZHB!*R}PekUu z?oR+^aUl!5)^r|;53%{OQNl?vE2rE5np@8|k=4&Lay(EnETBx{SE+H1I2M}3qOsu; z*4}|`focl%A&5zfS-@^0u*cpLI82dtmJBRF1~C=yh|l4tKj36B+DP%3*RK7&4yWjNvOCX@o(duv3Z2_}U-PLqeY1;hIoYG`8| zlB#c*#zGtD1<&S(<@%4R-OlIX;Ot3UEC_t*m8A5Z{4Y&P0TiJms6BENH1eLpJEpvb zvnr;cBFQ6t5bV*yo^|CL;MFH_BJ=*w_qoDl$%S=XtZfURS9sGbuxB;}#H`jSKCOMq z|3W?F&(m$6g-f%eBX+Or$i*#(Nad{aZ9{PmrB27ziO=WI`M=QdAIL_uPv=VyB|Jn9 zoE~2J5_gvU`mYsSQbGTtRs^QRjXn|W>C^3)^6B1#dUG3UyM-@<8Q;fB0{rqLaU|5Bmf(MI5Tt_NVmGE4G*ckC>yGLjT*?;itdQEPRw-dLLn;+aMIc+Vt z8IO5pGr@t5c?=6kCBDbhAP3wIHiirXWZ1AZ@im>;9Lbid_*>*A`wJ%-A!MstOk5?h zHD3or>dISC5biTW#=T*gV&>I@aP>x?-tKtFDc#Uwgm1H4H%yx};=6|9YBne7MEGMp2VeN!Jd#|4gI zGJ!Rcv4jAjw(E<*IIuTUZ5{*_b<&oMhgbz#pUYoDA<%m}MDEH7(zw%u%Z-yUi*4V}!oC7NJ5&JDGuiJ@s-rQYRdxb@-j9*yRn0HoH^Y&%8Nv)zntK z%bRSP*6&aHOVFPmTy7L9sdSlR9kn=jk^%X-{CDwoUGPBU|jn$Y(T-?MfMGanmwOX!t>{YZJ?7%;<@ ze2W+1(FxAx+`>)mH`sRWKnncndOYO8MFQItty5B^Qv&m1qeguIdWTvWG>d*HEr z2!E&>@+bzQ5c}-jzg9iyRosiu`lci9+J0W`5!m(}r69)Iq_u;* zO$7@}I(^fDtr&YLOqv@8RAN_pd64C4UYfEkr++z07K-&bOVe&3GZwNGJkmY{E?Hwj zTOxU4-tZCaX3f0`C;${fkziw7_EY z`u2#vCo#skEKFP|Ft?J9r`13V~l!B zQWt;t5b8D(O2{NOT8utVEkvzl3QI!e4cP;Qj?G4Dv(4p8aa|!5i)UIsJD-#+w`_LS z%j#{5oHNWfzB-?!okl%4j-80YL|mutW144HU*duijxD}t`Jj~FdF9&j9{&;Yl5VoY zrGqS}NeTW}VQp6txJUX zn4>E>W)htY@}G9X#v4GSq^)3`h-4(mHwpQ%?z8n!q;j}1H_SW9!yM$ia^(=dZ#1`g zhyGiTWa#e9re?U80K)+P#d>sb2T*-<>Jirx+o3{r`0d}u*5Y$m)pbhQ6(FcC!oMZP zt}`Za#dCgmiU3V-m=)Iy-tj5UF31@#nI{kgQ{JYVxsNmBDw;SHwihK`wtJg^S(2kV z(_Ekc{cU8plz!7?b&z`Va6p6hRYQxJsX$k}%E*_8V`=JVy-N}VE?_IF(is$TarO~E zYdVO)KMG7`B8!%-d8(J^gct&V*Zk%ta)kS(Dh^uWn8KRm1|BG#@5DN|RZt7y7e`g~P&Ik(sZ>AU5$9R&f;wKW({XkBOsKV# zE%Z9Z!uSU8<$Le=ozt?~Fd}&-+H0*Y%o+c-#ZH_$^;XzCdAldJ+Wlz(Lk|=+lAf+@ 
zxm*DNo9{Cedg$^8*CcBpywaJ%bRpyTz`^fAtw~c7?4A(71kAoXP!rE^nNuk33AeT_ z9)f}WkY{dfT;f3yL;z5IykGiEu?-!PyWtx+BVVIBBh&P(lw!2wk=_tJTB2VPKBA*W zQpws}Z>RRbg@Ff**lz1!_^=C;zOe5ULc0O-AJT^qYQtjLrh-JmZwD9X2Pa~ta3&h{ z@_11iA8!eSG~FVqZscN@J&mN@^OmIDSh~4LGR_RT(*u`Y=(ZNFs$~YY(0=N78UOR@ zEfb@JCDrlzN3rWa#J5PS6*W$IE zK0Nuy;O)(Cjt)CX{7XeB*Yy`#!v>`#&mk}T8dZJ*W|b}m3p};=mwY$%qNj##llA3q zm+3=9DvcU%0RZpPW>s4~UXk2maH}Qd+solb2@}P?17jkcbG6jGOs=(^3CN+ZZh}wY z#d8l!q0l_9Jh`)cEk$0X)mls>PD|u=X11xkc^&{%+r73RfP}I4YRq=P9gDPzjUu(u z4)o5LStbsdA759)4$L;Kok|EJXk``01+rHgFlo>yj&i?mK-M2ji6`O{*&Ahlq%aDW z@(`GmG>UyU8HDBU5i>PRU=(Qp)o5~tUj#!GA}eB@1KBYtU}FZy&C^l zeiFp86wwkHape-_Apm?~dT_CHNA2*&^OF*m@U_dpmhH@mv#?}Q_Z?nN0I*vaZ_z^@ zJmTq2&todohjp_prGMno+n3R6jY{5x@jQVTPYD4)=x6otCD~D1W2QcQmvyJ{@0`vn z6P?%Nbx(5yi%etCu>1!Az~{Q+{%eDZXCRT(s>w6;#P_r|vs53#0*&nk0bdk@(l^aN zb5}9)j}|1p1c7ntt;=Nu?|cBzSc(ret2?Xtr*R(ld%?g1P3Ta{GAl3pkIy>`XPEt? zbE2$<>ev7&I^}^coS?7yd(XjHZa%_@@~r%Wm%c1B4F)* z0$y#}AGEC)T?K&V=@z>0LQtHkAQ5ik41BRJZuz@%KzWu_kyRNkZfE{(;9{BqEoOtEfnk$Ny z;vGkpJ9jphzG%~W-K&u8`QYOT+Q$CNN3I1vPH*W z0Ki|rfxQpx+G70)&~b8OJ^)+|2dsdw}7HXE~w@^S(f)M z@w19`+EIjdhB2fJ)#!McvFIXJJ%-Y-C+qIIN4@^}9i%Sn2uZY}46pctRKhf9iimF9 z&k=mmx4!qB_FZzo^jJ?f~I2~d{J5hm7!&3buw2q zLUR-sW_uz`U#<;tBzTTS>bk}BCGShQ z8(BXTT75LUGmR6rX;rJwNW=&B4qQZ~hhuOBVkC{J<6Rs^DT)M8XZlfvop8tLZjOXZYUI66roBg(dRh+Tjm$0(AC3l<#8<|J>Jx5dPs43SWyu9)j2iCCx0o7dkRVK1h;A{2}z3BPVEkIodz3zFiGGCJ)jmP7SE zw%S`4BSE3@+!l*9e0gm`d2RKE$ZO5arOGOq=r#M7g_ebYW<@{};S8xTZY$~gr*RQ8 zb#jL-**~)l>~B?@g$qu;^)*z>E5rEfLTu|K!HvIDz_^k0bkHcd9@a|}{nCH`94*}u zSzkc7S5sfKO;{6OQ~rFkb$PWDENq9nkb!FN&;{bENaWbR{y=ZE=5 zCv(S=>FiQu12%WWdpBY}O3-lHC97EcyL9+do~X4xRqj)z43;`I^B6_Eby(VC)1}-G zf=3+tJg9x95DmK1Jw)z-S2{1GH|=ylI*Jrmg9#7m(a)+%V8;A{W<^xY+gzr&Dx?@!~T{Utn)ZkhA^(btXFTGkUnIlhc)$(_{urrP4% zqX?^Hu^M1|#Gy<4bBp&#&A(%C!E zmRUUAXeKw3AdNpu%?oCakx?%)h!63%Z0Ejgtbv3AG&xX!FfZKV&Hh`S>ux!GXl|(zI!ezOE`SD!lFNhZz!o3Rh%qDj!G2b0;fp3{6c7 z=B?b78O1HTVr&<>IyQmZ;n^tG|cY8EogpRbq#nelrj#>Cv3WV)q9-HO3EqLNU> 
z{N_=zq^2tsJ(qsFvTbkF*mm)5;(*JJ!)2(3Yl7njEsr%yW(Ls> znY71wsku#^oN8s=UdydwL!+CTAj>3-IEe?6d-S_T<5|<`Oo?t53=WK1ME2a?cf}Gz zgb+O)P1kEV)%FE$xI+6UM`?jc^e% zu#%IcBJ0bvlvlRYE%P(Wvpx{hv0OYx)xUrE=;EZxUJ6^8cFZ=PtDi^JQkA7t2mPjZ zK{$8i2Y-skh7lU97k(~pXkARH@9E`F=LfLtBolYO2Yo(do@+K~o~ljHbYl_xVtHST zZ&SajM2(*JF-MxYY3Jiq(H3w0NH%~t9OK(nN9}t znK%+^J#M_h!pI$Gn|w<8G5u`;R3%;XTbH`@27$p~%Q$zLK~U@v zIce1+^Xa|??{i~P<7rAz==iKJZ&Y7dt~p9!>k(pdbt}189lR*^Cw_|oV+d)k%X9Vw zWv~NxsD!_%HLPJ%RgELEZaV4!p(5g(NZCs7QtuDkH=y7LUsz&Wn`sask-$`4{*{C%i!RVk~X1ef{=nPv+~C0Uwn)8|Hsdc0)>Av994tGR>c?;W+N{obcAS5{(^&rMG8h6asp6Gl zqRVLSK>8kIuF)*-wodrm{Vw<+XSz%`tFOXq;1#HxjQMTCPdP&2D6QZ00b2&2qoX(S z%QS7<_`Aab>N7r5Rq@R)^aC1}FzaXkewAaDqH*efx!B7EuzMC<;?!BPA@4jG&NdK~ z*|nLM0;KN3SE0V}PiZ0+{g^AGjbW)7LVu*#HP@}Cr)v!lmk)5aG*JjW+CN>zfmG-l z&-5p4%e+K}^9j|F2g z(ISt*L?B1p1v0d>lqOm(7T+s#ibY zxLnfQh&SJH^uDwA^d1_%O*qHhmlXz7Yyy@uQ+!ZNs}s4JG?M zuOta?!F6J1Ke{>(5U8)9jBdhm#JchKU@+il_Bv}EI~CjUBiR#mhrVJ$og5PJXa-Q_*H{agiH zm$zFLj--0*z?*-~HUawjGo<$(NkEzUry4nF^f}+jT5#-w;5nc58O2+!Yqp2ANSmw^ z+7-o4*?7FU#$;4;4f+_Iixq5Ul9dkwzNiAg8qhPEh`1|dMNx(Z(H1O%YEddgJ*s|? 
z)r(Dz2PBH^mJfOd522N^`o~@5pwLc~gR@T2>2#CSH>zj0hZH@X)gDKqdPoP}vRc!1 zUkEI$QzO zDT=D2fZqBaE!n`k!L59E5=hv+`YRy6d&mFyMop&m1dU`ikfmd6bsYy zok*bKxR|l=VgVdTV7v;lqF9B)tbpFL&uFmkS6TsH%gb;li(c_6FXQF0f`;LEeEf@G z@nBXl|ANFZCJ9m3De!zN)l!OH6)~8Tr|4>J?unCNR~99LCAwq!Kx?1OdoLgL!?J&V z>sMXD-$?Gt&?8QHiG+tzePBZ-hpxx94N0Hd(R4Q2tTB&Kyaur>ReuWc^IJ?Vf3V(b zk}|UvXw*MNbVP0Z%ge%Tw@b&b8=TZbzt>KU;Q=7&9=N4r=jw~zn^K|*WTwe<#Mg1~ zzuox=5FUyH`eQ)TuepaSqJWgLX5f1e1~lIK6$oh4yQ;U%Y^bcX)H3Aj0F*{g`|&T~ zg+r5)T%2Dyq3hqu;t*z*GmPq3pO#4s$-q zuclW4jfA^EucVy6<_jR-OJZLCgG<_-j;|Y50TPvs6HM?u*i9}bq$QTtr;J&~xePgqOcn4g|WF6$FxcmTkiTC#fNZYH+Azmq@X zV8f};#TXG=J20(F=uDAu`+rQk0ly2cB)(&P`tnaF{yv|wl<-SBEMp5*xaD*tq- z`pLo9b(DtB&F}V?gfRrIIbMeLmEQ6@UFq>6^F;&F_gpum>PPxbbN0ff#Md|BO-ryh zbt0Sm+u6^f&#F2Lgoft4^SLQXyY;ey z-ObW^WnVRuvH6u)Jb&4IBDH>-O2J(5W-ZnH@xg$~g((RN+u7ItG=?lflb#(H35NLD zpPB7M4*4=iS3q{}{LqJA6!cV=o$pn=mt7<^lEy~0jajb;;JPzfh41bxaPiIZE|v~+$leMVQoUSJEyWGo&D)W)>#`qF0XE^5iehrpMB)5A;m*<{K=cT z$v3Y}=n*H8vy$(|}C9z1Xb`^)0eTHJmT3GPw1@&$OiuoGo^h%@7(aD%Rc#4AAGkih87PVQIVCq2EBD7=+Bla4Z_L! 
z%Y3hR_4-F^E>va|<-YX0j{+yruSug~kvfG4Wk3;f#jN^bH7JOtIin*4aIy~rQhCQT z@Vwa9np-s3d36V?7w<)@C<{bSj`}RDvz}MOEk@&wjN&QVtGN-~wtox;UthlXI4qos zDj4_L&8g&4;#jt589BuX+76=#p4=4d(3a*QX)du0J_GhePt4 z&gWv|TP<;O_A!~Fyynf9x%c*FQ;J3B!YbMNDF0iQ=X2!>W*a(B6OdiWeYD5YrDhom z9~1Iu(Ma>ctN{4An(V#Aa=%thPQI%;2<}DlsEd8ecxC5o) zPM{0Vxy943KN*w^Gz)7sDQ`R43VBrC+R)Z%b7a9Bc-?gAvJLK>6oq_tDixeH)*mOs6Cvk=C^Yo(#|vmW)+hmD ztl=ogSsc~VW6~1|eI=aZ^IYt?NS@;sK|0m)!Nf7!uUcDV=`3ceEGLsDVTgzqnK*<7 zi7x9bLrEsvV~b@&a^fCyaneJXZU$dg436XTLgwk^PYybjbUt>ATOrI|3tztYOV5Qk z`263w4J9+ZzQHuGNQmYRZZX(mX|sIIf^U$xOPl$0NbQ{FU@2&=f1?Ev0!)*9RZS=tC2z7 z>Zo2)NH0?zH5D6cQ<}~I854H|gIQe-8Avq6FS0g?5)BzDxXz`cYdZ(uCg_5=DTAWH zH?1~lN*(M_)s>D{2D0r%lRDnglp5Px?fXsTLz|jN{)cpZXv2OqC2}nU2p2)6(Ps`P z8f|1Ql_TG2cf5N4n1^wZhe^fs#U0>2&Qs_gU3((bV+ogt1Ri60lQ>jOu2#S7UXnxx z6r;k8JDE1?lh9x!Qp!3RimF$4(S9^MuJMQ+_u-zH3TQU^SO9x%BX^}0ruqA)*G&WO z0a5C;6Cv6@!+iFM%1WAoUXdhs%J+H~MP<$jf0Amw&XBQYbmI##`+sJ`XX6v?x7ZQ2 ztCYz;A;1K83}U*C4%HKv5XI!;$&{~;^2OWa(e{_MrxBvffc^_7Sk&C4N<{t&NC zhz0@bgSV3L z_dZ$z3^=`aS^#`$1r7O7sYy%9ad~=zapZO`a*?)DDt7a82{8ozgF8F69cUhkz z0ziA`3+suIPSmAra58)c^f=ayW}y9neg%-z=CY>4mCXHE+?EG)lm(iT6Mi2=RR3Aj zv7&o2Q;9%+&D%lJj{O}5?3!7k=7;_!!e9IV$S1Ti&?L##R47qt5iOG5-wGt` z`*$LsDS(zsLHnBvPTA*Txf4oB?`+_lG0ppNs7)#zD9;2sP8*|j zT7^s@*VTcf-z=a)@v!OeU-Jf^WzCDuuA_Uhp{hfCiI}zrpBt(SR_XD|uxI?JovF5` zP-B(MQHX%uGSBV(*k9)&91Y>wCQlK6_8YHO-g%97K&3FXleWm2VMw+fk%uqxzoZQ@_s)$F7eQ{_KbpB&qo49kX65JLO?+~cL!9&sg&y5 z8MQ10aX@&Bw5P^vIyc6kg{;^=OG=L?XSNPhXuHMP z;!I+OMfmP=($K6?`$BPpB{;&TwjdW!c4ay@ZEFPDoa2}pTKUWn8l?8hH+*yM6|-@E z)|iJiiQ+#AL7l8WGLsf~mYxTSM~w%>WdaXT3{sP_{JT~?BpR<2dUpDOlj@+~JbsMr z3O2^4r%7`t-yNnSHi@<7#Ho7&nIVPS>2$$!sBM+*vX&@&EJtsH-=TMn(?Z9q(90s8 zsUX_5#09whu}2{)7uMbC)D7p!`3(JnVH%I&1}*4LPWi<2R%neKn4Bg+f>)ah8sihB zkBMAjZeu3#xXhRnUpHcd)@d~a$f}&!paM!ZWa)yhq~7FmYGn!!)H$S3eimoa)#YJ& z2lSY0)aq&xal2ec#JNf5MGR^HMo@uc2M56oibAyK%kc*^THb4fj1=@s@3iGtYLq%tbd6f?+w# z>NT@b9#*ynf{!h?&v2^Gma$H>7(g_aeihp*xgU#3?^6@XQNorW{S_Kv)gx_RDVh7& 
zBwGCh1?PDDu$EY+>AB^Ba;jIh{#6Z8C19CR{ck1RcpYTCth>EL1fUIF;uGcK+ceYP zdSTW!HF>5yDeZVElY^X$t)6SB49oj1 z+O$IfDt05YW>;53PgSL>d_!JhTi08kG?LFn_S)e#R{2hQR?T4_$e$Sw(1zU?ICrG) z0mk?^pgHX|_O~~u!kl^-3=iOsrA+S1E9}-wh6~?>7QYXSFFv=PK;lY21abzUIc4JJyUJ-2@i1uC{%tEB^*)4FumA`zbSOb9Kx6w=zzjN$$ z=K8^ch=-8f3|0@{-ivUB;>Z!>>_9D6J(C9{lnM*TZy*U5vUk@uJW^)VGOeTP-+x z7}#|+YGZ!b7MJ&8@;0tds`CKapEq$={`&pNYo-AnQD_TD(R0~A=?m-c6l3=%;vOiW zE&-wM96!>kkN#x*Xfoj|ZjdfdD7jx9$;iv3U|FE9wj*mcN|*76~)o6Z z)4=v-)?Cr}27kG@U>yC(mYBklRfL3_d$ZF)G^EtZN9VtUB+Tu z(@zstg3ct3j_wn!km zY95OAG7jN5i#g=3>E6Aqq5Y!MB)n#Ymzxx7){_EMr7F}*2pia0>r!+o53Qi|_q>Va$=XtAnC*}rN$J^nH_uS~NFd?1Ef zxqH;A@2uwXw5HU4r(NWz+?B6UB3a$ovM*wM284O#fRF|U=J%SM{sy_LMUZ>)PXiT{ z2!I)X4jo6|;P{Zk=u5SPeR3h&0vyZ8x&*tKUDTPSWF_59GfCbHqE>c8kmZ_<8{J7S#V^6^{S!{?V7DWwB+|*~H{GUkq=( R06?E_gAX65|0dyY{|&1t5widQ literal 0 HcmV?d00001 
diff --git a/image/an01_normal.png b/image/an01_normal.png new file mode 100755 index 0000000000000000000000000000000000000000..a90c26f994168e5ec5efb5d569155467c99f2955 GIT binary patch literal 7280 zcmeHsX;_kL+wOx_HfZ){ljg8mrM1-5a@LGiYJ+o{BMy}n4v9m~C|Is6t)!MYlmbmk zX=;UnBe-fACMqSODI(^CfH2dhqp;_m=TJE`MnJqpi&GSFh5UVhy2dc1xlp0R6;21*l7(Uy?*G zo;qm^Qr+*O7uOPs)w$Iow}8(jNVr(Pu&!G6-!pfhNefrZcJI%!E$5D;HIiWv{ol! z>e!~xe$NcE#>&soHoATgrf`b*edpDENBo+^V?~g)kL==ge^Tk2i+|Sa5xKX*HSw|( zQa+a$qWXUG(@mf*=Z3QftCx-;aCw^59>^L<=d(MeW1|`ADgr-Qwz=H4Ig!^ALn~3y zr%gT~ja?6eb!eJ#%-|cYTKaFNPaJEJ66F0$sP^0-d4{VXu!eHV9_Np96ICyr3 z!ia0ZA{2t+X)B;j(6CPJzu+;muqh-3g{`oNQ~~bI(e=m#!%5XWfYOYEG9oI~2>_I% z5bXn+|0j?=?G8U<8b(4yL$(1*nHdVa&lTvuz?dZlgGYV~6JFjX`~BVI}eW?w9XpFvT^7dbSf zOz1Bu{2Maj(PAkxwq)=6%`*BMa|PzE4xn^Fs{>)k!VOW8N2@&)c^_rAqToNc;O+OX z*@Uh6$OOO!jY;nU3|s%4=`;r*P3z{(Q*a7)xJk%iW=qS<;B)H$%nS~#RiH0o_cF#*>BO7fH9>J(6)**D5@C7;MDU3aAkpqiIyBlnXw zX#ud4fM{%Kch5{LQ?LD!yBQme_Ki};XK*lS_Hvg4i!lf!d9#5;1*L`?@UY?*|L~KG{6$}T}I4LI7 z<%wixfpytB`rq52ZB zaj7w(CUipNIkjCsuP%t|D6oF|VeNW(HiBQq6|(NT6Q1ks4RZ|9+RK1X*kR?;^+VO0 zF?D*|pU^}d>(6#Y^F7@OwV?Zr?5vD6Sg1!B=_Xh79I3dyY|laP5D^hHUpkKaIa(Nb zrKW8m+L*Xj|)55eA&mL^39*t-xKEr-pN^e<>>{Yp(yLY|T$ioMXEh`#*-Jv-XG{o*?&3%w|*S$W_DhKZ4DYsy2_AA7p-nV)q{hs&UeVl4u^^pii1a9mr z4zkno)SkeRHra+pKj3Yvv|lJfM)#hVvVB3B7uc^I{DUn0gLdUv(Co3GMR4|vUuEf$ zGt#sr@W-u*2lv@T~7jsdde2s94YQ>J}Nn2d*dI z?!H_1d%ts%xe^n6W`IR$w_BYCj;ES}-+Z5e0YQK%UikI3uU1$I6W=ABPr(un2ljP|Pm#8$4ywF39(Z_>1Q6K3b`3=g{B z(QDT#U5qs9aPN%;`kZ%j* zM=}D6pGLk~sUM7XO+5e6H8hsdkDYFk zFe~!s105xcR6T@>gj{REz1^$J7yWi^isfL73}T@KElv;V_sTGz2RCS_T!u(Fdc|U$ zY30AMAeu?w#PA=!4zlosh@wRaMnd(jnhR=uVKZ1rqObVrRTJHYxP zsLlOniTx#umPkwAC{zC8*o8XcrnugS^dytkXuSWn6B=LDFnF;JZUBNs-zk0TGPgff zKT*DThk?}TzetqAkFI-qd!Lfc7asBAo8!~18J%#x%?05EA_&U=YehHg<(G-(UlJso zg*g*mpKcbl0S?q6pq(>JNJSXohd6~~(DOT;y%E1E>M=({=5w|EDikes;#3Dnaa=F zPg&|q_C(iwAjj;y;O4k)UjMLZD=E`8#Obi-MaSnbe)f0D@(ranblO(&n;g6D%#|fd zZ7yGPh3u^qm!>4%xbrpL@YU9>EqZs^puz^AD!+LhT3mSVxoLlDOLM$+Sb-g#W`j#| 
zL1N!8`8yFRJO>6PPRT;ybNOHsbFlUW@MbO7)qRiOKRUFkYnGi*vBk>?px^tlzJp_6 z{4>~~U$TG=S%A{N8l3+&{C7P5Ux7m#&AoC}EX5im0iys z&X&rCuu~eIY|4e77=L|fcu!v7dqgl&x0N4kupwXVv~c4 zb_!W=d(wgqK8&l4K6MW5H~x~JS}J6Qzu*_queFwx9LJ-}$K$FxcuTqQKL}@6sHHV{ zUqdq8#k#dd$j+xV>r|;t+ksl@LB+6dwO<>Dt**k`nk41DpduLU$nM_ja{Q8@ited6 z*E$Zf@yO#H_~bjpJb(%D3Phapu|OOxeQ3TltoGPZ!V5cRYIAuL*j)OuNoFf_CEoqG ztUl4;0npCJGOC)tqAf*dx|U+#lFU!Tt2XRqGql{4@|{KkattoKZj36byE7E+Xgm`b{!V<72mZF z*`F!EIqi`L82x@sYla`fMFg~lvM#qi>VLiGV3qZg z{`i+s7 z`zyvN_cfIye1R7S*QR#`Z^^KT4w7{!=$-=y4A?;eXup55hXL2j#OEop)-G zb!Pli%-BzagR2Yoe)pqXnJo>;RN|CqhV;7c!Z$9ipXYCCoX;H7#UZpCPvQ=isMC3& zB_pWZTG;LwV(|!D+FzS`3y*?qNa<{T%BoN|hoEXx-{=>>zNg|;M}5PNBJ@%?{M~UTz6ZGv1JnKs&)*_#ERQj668TGg9ixEWmr6?*A>s z6o1RT?&X<9ol8~bGk)WQ8gMZ-ChWp+k3p&|Tqw+weTzaijd@QzTC4Ye)I;54TZw7i zjP8n>nB3gbdr||4Mmd3XxT2a z6~Ee&(h2kgzJ?S>RA{`JEip_EsP^zm;O+V1>MX+skjwcC9YPXiX-5l1%w@^FU(`dX z5rS*I7`*np+SnsduwiC$v$jdO{Tn~W?g!OAL$O@pNGz$9KhafA`E4pPlghr|Zp!d|uIYjG7G}PjMuMaSTSBHtVGadFMj8@Z-{p`;W7w_@F+Do_ih*_92Q@X4EX#pGMtdw|Awr)*+^v zD>?8JGE_Z9ohPYYDtNZag;du%p&5IFAwowFbXRH4avg3cVw~_CtYK}2O&{JhXg;!i zE@_ipckRBvs?)sIJs+OkZZZFB=Dr7O!qUc3)soraV$j1~tRw<1sU`0Z}qTDCFo)Yfq``I z^6~1=Z&3byazELF<8K4{O?7BHleUi^{yK9d+=XA3xjJEU1)%wPOFB~c(Xd{l<7C9g zTG3(Gw7dwx*E>i*cOWWTb<-TwhShw)^E?_|>gVU;#T$m85w;Sx_8nY>L2jc8RQQks<2_u%oP|-y5v?C`7g7{8gq!-TVeIXx2XMXHBwrKNI ze*qCTt6LYpPG>Wl17&eW zULTi(!{OXwP_-)at=l<)-U?7vxagqLrK`tQwD7#9{EniIeNZp?#vSh^8)f`tgJ!G$ zw~aBc=GT;IQ%A(b_AK|H%81JYlZJ?BL#P~q?xx;=Mq zwtpDXo=wz%5}-kqFHCf{lS2 zJ-gdb?E|&sUz3fzT#=?4Kzeh#enjq;wg`{34K0%fY_?k4`e4H>G*>BZ7xAZh{G#z1 zFt^I;X39f<11JqW`qK{NIVLy78g$`qnB&@JqPTVK)P9Zsyge9GZeR!~vHZ(Dha3XO z7G4?%t3u{XW*PcJJjE*IQ_a9R=Nh8ey(mJ_(D~T8z%KZ6JZM$B6R*&*68WVg2m2#3 zj|RaB5(O;mrqx>6WMM{xw4*gW&78}OcpB)oLib#Hg%rYQmb0c!63VWW&BWp|JB0Us zIBQec{LEG9TkGo+)%|I$B*|FR!r$2Ki-PmWDm|W-Eu7jvr++ZdVkL8OaveVGepjSh zy}=qeu=L1YvVX`q+$#rE#rS0;+yzOqhwg$fS>Yo2<)r+b;P*!sBAxz-yXR7~b zt0E6Th=0WjOpDk_g(VGRqHNIsvNf~OKPYpqACu|Iozsu4KiC?v)6XbT277NXUd>qA 
znN*>$Nhq_3q(wgo+@c`}t5z5mew!`2{yD6M;77S$AUKrV_$~4d0JFSws>F}F86XNeRRFTe)Q6xW==pXH)U(0 zNwwtJX=G?*wy6MH%`M*T&*v3urIp#M{b-5A4SR8BiGW^QMQ`jHORt z>e({V`2q>m^@%h(-;Dig(ynbOs5NFacnqtYFIDzhnzIFD7I@l@~iaIWi z%~r12(h<*7pM_DW4w{^qcs78TVD*C&WM7A4(i#trm-)eT*1$Vy@pIHK{Et!p|I_Jn bRmC=BcfY|(Y2n%?5jgAY;Z$?-!p;8y(+Fdk literal 0 HcmV?d00001 From 06a03441afd8fe3a5d7ba3086827fb0b4e778587 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 14:08:09 +0900 Subject: [PATCH 35/97] Add AN01 to the README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 309ba27..4fc481d 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,9 @@ If you install two or more Void Linux into the EFI system, only the last one can # Variants considerations Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer. +# Application notes +- [AP01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md) + # Acknowledgments These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. From 8fd083a0ebbab1a1dd1b8153563219d5eba21561 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 15:19:38 +0900 Subject: [PATCH 36/97] Add an0. Still writing --- appnote/an02_keyslot.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 appnote/an02_keyslot.md diff --git a/appnote/an02_keyslot.md b/appnote/an02_keyslot.md new file mode 100644 index 0000000..88872f8 --- /dev/null +++ b/appnote/an02_keyslot.md 
@@ -0,0 +1,28 @@
+# Managing LUKS key slots
+If somebody want to install two or three distributions into a system, Kaiten-yaki works perfectly. There is not problem at all.
+
+On the other hand, some extreme cases like installing distributions as many as possible, or repeating the overwrite installation, the user must understand and manage the LUKS key slots well.
+
+This application note explains the limitations and difficulties by the number of LUKS key slots, and how to overcome that limitation( if possible ).
+
+# The LUKS key slots
+The LUKS volume has 8 key slots. That means, up to 8 key hashes can be stored. In other words, user can use 8 different keys to open a LUKS volume.
+
+In this case, the "user" is not limited as human being. Any software can use passphrase to open a LUKS volume. Thus, even the "user" is one person, multiple key slot may be used.
+
+If some user ( or software ) feed the passpharse to open a LUKS, the management software ( dm-crypt library ) scans keyslots and check whether there is a macching slot or not. If there is a slot which stored hash value maches with the hash value of the given passphrase, that passphrase is the right one.
+
+# Usage of key slots by Kaiten-yaki
+Kaiten-yaki N+1 LUKS key slots to install the N distributions in a system.
+
+Whenever Kaiten-yaki create a LUKS volume, it registers the passphrase typed by the user. This passphrase is stored in to the key slot 0. So, when user type his passphrase correctly, it will be matched with the has value in the slot 0, by default.
+
+In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to open the LUKS volume from the linux kernel. This passphrase is different from the
+
+# Overwrite installation
+
+# Managing key slots
+
+
+# A dirty hack
+
From 81a07816165a2fc01377ad775be9701cdd43e135 Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 22:18:09 +0900 Subject: [PATCH 37/97] Add AN02 key slot. Add a consideration of the number of key slot Issue #18 --- appnote/an02_keyslot.md | 78 +++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 11 deletions(-) diff --git a/appnote/an02_keyslot.md b/appnote/an02_keyslot.md index 88872f8..74766c6 100644 --- a/appnote/an02_keyslot.md +++ b/appnote/an02_keyslot.md 
@@ -1,28 +1,84 @@ # Managing LUKS key slots -If somebody want to install two or three distributions into a system, Kaiten-yaki works perfectly. There is not problem at all. +If somebody wants to install two or three distributions into a system, Kaiten-yaki works perfectly. There is no problem at all. -On the other hand, some extreme cases like installing distributions as many as possible, or repeating the overwrite installation, the user must understand and manage the LUKS key slots well. +On the other hand, some extreme cases like installing distributions as many as possible, or repeating the overwrite installation unveils the limitation of the number of the LUKS key slots. The user must understand and must manage the LUKS key slots well, to handle these cases. -This application note explains the limitations and difficulties by the number of LUKS key slots, and how to overcome that limitation( if possible ). +This application note explains the limitations and difficulties that come from the number of LUKS key slots, and how to overcome that limitation( if possible ). # The LUKS key slots -The LUKS volume has 8 key slots. That means, up to 8 key hashes can be stored. In other words, user can use 8 different keys to open a LUKS volume. +The LUKS volume has 8 key slots. That means, up to 8 key hash values can be stored. In other words, the user can use 8 different keys to open a LUKS volume. -In this case, the "user" is not limited as human being. Any software can use passphrase to open a LUKS volume. Thus, even the "user" is one person, multiple key slot may be used. +In this context, the "user" is not limited to a human being. Any software can use a passphrase to open a LUKS volume. Thus, even only one person uses a computer, multiple key slots may be used. -If some user ( or software ) feed the passpharse to open a LUKS, the management software ( dm-crypt library ) scans keyslots and check whether there is a macching slot or not. 
If there is a slot which stored hash value maches with the hash value of the given passphrase, that passphrase is the right one. +If some user ( or software ) feeds a passphrase to open a LUKS volume, the management software ( dm-crypt library ) scans key slots and check whether there is a matching slot or not. If there is a slot in which the stored hash value matches with the hash value of the given passphrase, that passphrase is the right one. -# Usage of key slots by Kaiten-yaki -Kaiten-yaki N+1 LUKS key slots to install the N distributions in a system. +# How Kaiten-yaki uses the LUKS key slots +Kaiten-yaki uses N+1 LUKS key slots to install the N distributions in a system ( where N is an integer ). -Whenever Kaiten-yaki create a LUKS volume, it registers the passphrase typed by the user. This passphrase is stored in to the key slot 0. So, when user type his passphrase correctly, it will be matched with the has value in the slot 0, by default. +Whenever Kaiten-yaki creates a LUKS volume, it registers a passphrase typed by the user. This passphrase is stored in the key slot 0. So, when the user types his passphrase correctly, its hash will be matched with the hash value in slot 0, by default. -In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to open the LUKS volume from the linux kernel. This passphrase is different from the +In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to open the LUKS volume from the Linux kernel. This passphrase is different from the user passphrase. This passphrase is random binary brock generated by /dev/random. This key is stored in the file under /etc/luks. Even somebody watches its value over the shoulder, the risk is small because it is difficult to ready for a human being. +Anyway, this usage defines the maximum number of Linux installed in a system. That is 7 if all are installed by Kaiten-yaki. 
If a user try to install the 8th distribution in a LUKS volume with Kaiten-yaki, it will fail because there is no vacant LUKS key slot. # Overwrite installation +The overwrite installation is another case that consumes a LUKS key slot. +if the variable OVERWITEINSTALL in config.sh is set to 1, Kaiten-yaki just overwrites an existing logical volume in the LUKS volume. Also, in this case, Kaiten-yaki registers a new key file for the new installation. Thus, while the number of the installed Linux is the same, the number of the used LUKS key slot is increased. + +Eventually, the user fails to install even the installed Linux is 2 or 3, if there is not vacant LUKS key slot. # Managing key slots +Some users may want to delete a key slot to install another distribution. In this case, they must know which LUKS key slots are used or not. +This section explains how to investigate the used slots. -# A dirty hack +First of all, user can l +The example of this command is shown below. Slot 0, 1, and 2 are occupied : +``` +takemasa@mate-vm:~$ sudo cryptsetup luksDump /dev/sda2 | grep -i bled +Key Slot 0: ENABLED +Key Slot 1: ENABLED +Key Slot 2: ENABLED +Key Slot 3: DISABLED +Key Slot 4: DISABLED +Key Slot 5: DISABLED +Key Slot 6: DISABLED +Key Slot 7: DISABLED +``` +If there is still a vacant LUKS key slot, the user can install another distribution without deleting the existing slot. But if there is not vacant LUKS key slot at all, the user must delete an occupied but unused slot. To know such a slot, the user must mark all the occupied and used slots. +First of all, check the LUKS key slot for the user passphrase. Run the followings command. +```shell +cryptsetup -v --test-passphrase luksOpen /dev/sdXN +``` +Where X is a, b, c..., N is 1, 2, 3... + +The command will prompt to type the passphrase to decrypt. If the user types the correct passphrase, the command shows the key slot number of that passphrase. 
The followings are the example : +``` +takemasa@mate-vm:~$ sudo cryptsetup -v --test-passphrase luksOpen /dev/sda2 +Enter passphrase for /dev/sda2: +Key slot 0 unlocked. +Command successful. +``` +We can see the slot 0 is used. + +Next, run the following command **for each** installation of distribution. This command shows the slot number which stores the key of the passphrase file passing to the kernel. /etc/luks/boot_os.keyfile is created by Kaiten-yaki, during the installation + +```shell +sudo cryptsetup -v --test-passphrase luksOpen /dev/sdXN --key-file /etc/luks/boot_os.keyfile +``` +Followings are the sample execution : +``` +takemasa@mate-vm:~$ sudo cryptsetup -v --test-passphrase luksOpen /dev/sda2 --key-file /etc/luks/boot_os.keyfile +Key slot 2 unlocked. +Command successful. +``` +By repeating this command inside all installations, the user can list up the occupied and used slots. The other slots are occupied but not used. + +Finally, the user can delete the appropriate occupied but not used LUKS key slot by the following command. +```shell +sudo cryptsetup luksKillSlot /dev/sdXN key_slot_number_to_delete +``` +# Conclusion +For the typical case like installing 2 or 3 distributions in a system, there is no problem to use Kaiten-yaki, at all. + +But if users want to install as many as possible, or repeat the overwrite install, they must understand the number of the LUKS key slots. \ No newline at end of file From fe7a4a1439d855d82f36108f833e6b9f59570d14 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 10 Jul 2021 22:21:39 +0900 Subject: [PATCH 38/97] Add AN02 to README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4fc481d..9e75a32 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,8 @@ If you install two or more Void Linux into the EFI system, only the last one can Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer. # Application notes -- [AP01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md) +- [AN01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md) +- [AN02 : Managing LUKS key slots](appnote/an02_keyslot.md) # Acknowledgments These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. From 75d7a7ccc357151d7243c9a945e2b22ac4ca1507 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 11 Jul 2021 10:34:27 +0900 Subject: [PATCH 39/97] ADD AN03 itertime Add a consideration of LUKS stretching Issue #20 --- README.md | 1 + appnote/an02_keyslot.md | 2 +- appnote/an03_itertime.md | 48 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 appnote/an03_itertime.md diff --git a/README.md b/README.md index 9e75a32..3002494 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ Ubuntu has several variants ( flavors ). While while only the MATE flavor is tes # Application notes - [AN01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md) - [AN02 : Managing LUKS key slots](appnote/an02_keyslot.md) +- [AN03 : The ITERTIME parameter and vulnerability](appnote/an03_itertime.md) # Acknowledgments These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. 
diff --git a/appnote/an02_keyslot.md b/appnote/an02_keyslot.md
index 74766c6..2b04fc4 100644
--- a/appnote/an02_keyslot.md
+++ b/appnote/an02_keyslot.md
@@ -1,4 +1,4 @@
-# Managing LUKS key slots
+# AN02 Managing LUKS key slots
 If somebody wants to install two or three distributions into a system, Kaiten-yaki works perfectly. There is no problem at all.
 On the other hand, some extreme cases like installing distributions as many as possible, or repeating the overwrite installation unveils the limitation of the number of the LUKS key slots. The user must understand and must manage the LUKS key slots well, to handle these cases.
diff --git a/appnote/an03_itertime.md b/appnote/an03_itertime.md
new file mode 100644
index 0000000..7145cca
--- /dev/null
+++ b/appnote/an03_itertime.md
@@ -0,0 +1,48 @@
+# AN03 The ITERTIME parameter and vulnerability
+The ITERTIME configuration parameter in the config.sh can provide a better user experience during the passphrase input. It can reduce the pain of the longer passphrase and encourage users to use longer passphrases.
+
+On the other hand, it may pull a vulnerability.
+
+The followings are the consideration around the ITERTIME parameter.
+
+## The passphrase experience
+Let's assume there is a Ubuntu desktop system in which the disk was encrypted by Ubiquity installer without Kaiten-yaki. In this system, the /boot partition is installed as a separate and un-encrypted state. So, the Linux kernel file is not protected.
+
+If the user mistyped the passphrase at boot, Ubuntu prompts to type a passphrase again. There is no pain. It just asks.
+
+Now, what's happen if a user mistyped the passphrase on the Kaiten-yaki installed system. It takes a very wrong time to see the error message. And the system doesn't prompt to type again ( The prompt issue is discussed in the [AN01](an01_howtorecover.md) ). Especially, the more number of the installations in a system makes the longer duration till the error message. Sometimes this is unbearable pain to the user.
+
+This kind of pain de-motivates users to use a long passphrase, because the longer passphrase causes more mistypes. As a result, some users may use the shorter passphrase. The bad user experience of passphrase input may help the malicious attackers.
+
+## Why the full disk encryption is so slow at passphrase input
+GRUB is the root cause of this slow user passphrase matching.
+
+The passphrase is hashed and stored to LUKS key slot when a LUKS volume is created ( or, a new passphrase is added ). The stored hash value is not simple. The cryptsetup command makes hash value from the user passphrase. And then, create the next hash from this hash. And then, create a third hash from the 2nd hash, so on.
This repeating is named [key stretching](https://en.wikipedia.org/wiki/Key_stretching).
+
+The key stretching technique enforces malicious attackers using more computation resources on the brute force attacking. The more stretching iteration times require the more resources to attack.
+
+Of course, there is a balance and security strength. By default, the cryptsetup command takes the iteration needing 1 sect to calculate the passphrase hash, for the LUKS1 format. This sounds like a good balance. The cryptsetup runs on Linux when it calculates the appropriate iteration of key stretching. So, there is no problem if Linux challenges user passwords. It will take about 1 sec, by default.
+
+But there is a pitfall. On the full disk encryption system by Kaiten-yaki, the /boot is encrypted. So, to load the Linux kernel, GRUB has to decrypt the LUKS volume. That means GRUB has to calculate the passphrase hash. Unfortunately, this calculation is slower than Linux's one. Thus the user has to wait longer than 1 second.
+
+The duration by GRUB is up to the system. It depends on the CPU. Also, In addition to this slow hashing, GRUB has to scan all used key slots when the user mistyped. For example, if 3 distributions are installed in a LUKS volume by Kaiten-yaki, 4 key slots are used. Thus, if it takes 10 seconds to challenged one hash by GRUB, this system takes 40seconds to show "The wrong password".
+
+This is the mechanism of the slow response at the passphrase input.
+## The key stretching, the --iter-time parameter, and the vulnerability
+Kaiten-yaki can relax this pain by ITERTIME configuration parameter in config.sh. This parameter is passed to the cryptsetup command as --iter-time parameter.
+
+By setting 1000 to the ITERTIME, cryptsetup takes the key stretching iteration cycle to take 1000 milliseconds. By setting 100, it will be 100 milliseconds. It is believed the default value of --iter-time is 1000 ( Its compile default ).
Thus, choosing 100 as ITERTIME makes the duration to the "Wrong password" 4 seconds, in the above example. This sounds acceptable.
+
+On the other hand, the smaller ITERTIME is the weaker to the bute force attack. It is assumed the strength of the passphrase hash is linear to the ITERTIME parameter ( --iter-time parameter of cryptsetup ).
+
+## The longer passphrase vs. longer key stretching
+While the passphrase hash strength is considered linear to the key stretching iteration, the passphrase strength is exponential to its length.
+
+There many discussions on the strength of the passphrase. Simply speaking, Adding one alphabet ( a-z ) may expand its strength 26 times. That is why the long passphrase is very important.
+
+The 1/10 strength of the key stretching can be covered by adding 1 character to the passphrase.
+
+## Conclusion
+The full disk encryption will give big pain to the user at the passphrase input phase. It seems to be reasonable to use the smaller ITERTIME ( --iter-time ) parameter to encourage the user to use the longer passphrase like 20 letters, from the viewpoint of security.
+
+The security policy is up to the people, community, and mission. The consideration here assumed the desktop PC as a hobby. For mission-critical usage, the user should consult security experts.
\ No newline at end of file
From 1e3eb8943f11c7dcf81f7e0b5d756ed071a7171b Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Sun, 11 Jul 2021 10:39:46 +0900
Subject: [PATCH 40/97] Update changelog.
---
CHANGELOG.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index af2b381..6029898 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,10 @@ Record of the modification in project development.
 ## [Unreleased] - yyyy-mm-dd
 ### Added
-- [Issue 13 : Add ITERTIME configuration parameter to config.txt #13](https://github.com/suikan4github/kaiten-yaki/issues/13)
+- [Issue 13 : Add ITERTIME configuration parameter to config.txt](https://github.com/suikan4github/kaiten-yaki/issues/13)
+- [Issue 18 : Add a consideration of the number of key slot](https://github.com/suikan4github/kaiten-yaki/issues/18)
+- [Issue 20 : Add a consideration of LUKS stretching](https://github.com/suikan4github/kaiten-yaki/issues/20)
+- [Issue 21 : Add a document of how to recover from the mistyping of passphrase](https://github.com/suikan4github/kaiten-yaki/issues/21)
 ### Changed
 - [Issue 5 : OVERWRITEINSTALL confirmation is missing](https://github.com/suikan4github/kaiten-yaki/issues/5)
From aaa5609a9a90353a0b5bf43fefdc1c4c6fc8bc6e Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Sun, 11 Jul 2021 10:41:06 +0900
Subject: [PATCH 41/97] Add number to the title
---
appnote/an01_howtorecover.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/appnote/an01_howtorecover.md b/appnote/an01_howtorecover.md
index c715be6..c7645af 100644
--- a/appnote/an01_howtorecover.md
+++ b/appnote/an01_howtorecover.md
@@ -1,4 +1,4 @@
-# How to recover from the mistyping of the passphrase
+# AN01 : How to recover from the mistyping of the passphrase
 The mistyping of the passphrase is painful, in the full disk encrypted Linux.
 In the usual encrypted Ubuntu install by Ubiquity, mistyping os passphrase is warn by the kernel, and prompted to re-type. But in the full encrypted system, the user sees a boring message and command prompt. Usually, the user just gives up and reboot. It adds tens of second to reboot, and discourage the under to use a long passphrase.
From f6033433ad55e0ba4d9ffb5ce80018bbba4681a1 Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 11 Jul 2021 12:51:21 +0900 Subject: [PATCH 42/97] Add AN04 partition Add a considration of more flexible partitionning Issue #19 --- INSTALL.md | 2 +- appnote/an02_keyslot.md | 6 ++--- appnote/an04_favoritepartition.md | 43 +++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 appnote/an04_favoritepartition.md diff --git a/INSTALL.md b/INSTALL.md index e19f912..dcf3c30 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -6,7 +6,7 @@ Installation requires mainly 2 steps. - Run the kaiten-yaki script You can execute the install script without the command line parameter. For example : -```shell +```sh source ubuntu-kaiten-yaki.sh ``` The first stage of the script is preparation like: erasing a disk, format partition, and encryption. This is the most critical stage of the entire installation process. This part is controlled by the configuration parameter. Thus, you have to edit the config.txt carefully. diff --git a/appnote/an02_keyslot.md b/appnote/an02_keyslot.md index 2b04fc4..3cd0a28 100644 --- a/appnote/an02_keyslot.md +++ b/appnote/an02_keyslot.md @@ -47,7 +47,7 @@ Key Slot 7: DISABLED If there is still a vacant LUKS key slot, the user can install another distribution without deleting the existing slot. But if there is not vacant LUKS key slot at all, the user must delete an occupied but unused slot. To know such a slot, the user must mark all the occupied and used slots. First of all, check the LUKS key slot for the user passphrase. Run the followings command. -```shell +```sh cryptsetup -v --test-passphrase luksOpen /dev/sdXN ``` Where X is a, b, c..., N is 1, 2, 3... 
@@ -63,7 +63,7 @@ We can see the slot 0 is used.
 Next, run the following command **for each** installation of distribution. This command shows the slot number which stores the key of the passphrase file passing to the kernel. /etc/luks/boot_os.keyfile is created by Kaiten-yaki, during the installation
-```shell
+```sh
 sudo cryptsetup -v --test-passphrase luksOpen /dev/sdXN --key-file /etc/luks/boot_os.keyfile
 ```
 Followings are the sample execution :
@@ -75,7 +75,7 @@ Command successful.
 By repeating this command inside all installations, the user can list up the occupied and used slots. The other slots are occupied but not used.
 Finally, the user can delete the appropriate occupied but not used LUKS key slot by the following command.
-```shell
+```sh
 sudo cryptsetup luksKillSlot /dev/sdXN key_slot_number_to_delete
 ```
 # Conclusion
diff --git a/appnote/an04_favoritepartition.md b/appnote/an04_favoritepartition.md
new file mode 100644
index 0000000..701c49c
--- /dev/null
+++ b/appnote/an04_favoritepartition.md
@@ -0,0 +1,43 @@
+# AN04 How to make LUKS volume to the favorite partition
+Kaiten-yaki creates the LUKS volume on the 1st partition for the BIOS system ( 2nd partition for the UEFI system ) by default. Also, Kaiten-yaki assigns all space for the LUKS volume, except the space for the EFI partition.
+
+This application note explains how to use the favorite partition with favorite size for LUKS volume.
+
+## Step 1: Making partitions
+To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as MBR and GPT for BIOS and UEFI systems, respectively.
+
+In this documentation, we assume the user wants to use /dev/sdb3 as LUKS partition to install Ubuntu.
+## Step 2: Configuration
+Next user must configure the config.sh.
+
+The first parameter to edit is **DEV** parameter which represents the target device. In this example, it must be set as /dev/sdb.
+```sh
+export DEV="/dev/sdb"
+```
+The second parameter to edit is **CRYPTPARTITION**. By default, this parameter is set automatically according to the firmware type. The EFIPARTITION parameter can be left untouched. This parameter is not used.
+```sh
+if [ ${ISEFI} -ne 0 ] ; then
+# EFI firmware
+export EFIPARTITION=1
+export CRYPTPARTITION=3
+else
+# BIOS firmware
+export CRYPTPARTITION=3
+fi # EFI firmware
+```
+Makes sure the **ERASEALL** and **OVERWRITEINSTALL** are 0.
+## Step 3: Make LUKS partition
+After saving the customer config.sh, run the following command to set the environment variable.
+```sh
+source config.sh
+```
+Then, run the following command to create a LUKS volume.
+```sh
+cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 --key-file "${DEV}${CRYPTPARTITION}"
+```
+This command sets up the LUKS volume on the specified partition. This command also asks for the passphrase of this LUKS volume.
+## Step 4: Run Kaiten-yaki
+Now, it's a time to run Kaiten-yaki
+```sh
+kaiten-yaki-ubuntu
+```
\ No newline at end of file
From e3d957c4be8c40de8028654f7525ab7cf968aab2 Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Sun, 11 Jul 2021 12:54:34 +0900
Subject: [PATCH 43/97] Corrected spell.
---
INSTALL.md | 4 ++--
appnote/an04_favoritepartition.md | 4 ++--
script/config.sh | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/INSTALL.md b/INSTALL.md
index dcf3c30..b0b01bd 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -76,13 +76,13 @@ export EFISIZE="200M"
 export LVSWAPSIZE="8G"
 # Usually, these names can be left untouched.
-# If you change, keep them consistent through all instllation in your system.
+# If you change, keep them consistent through all installation in your system.
 export CRYPTPARTNAME="luks_volume"
 export VGNAME="vg1"
 export LVSWAPNAME="swap"
 # Do not touch this parameter, unless you understand what you are doing.
-# 1 : Overwrite the existing logical volume as root vlume.
+# 1 : Overwrite the existing logical volume as root volume.
 # 0 : Create new logical volume as root volume.
 export OVERWRITEINSTALL=0
diff --git a/appnote/an04_favoritepartition.md b/appnote/an04_favoritepartition.md
index 701c49c..0335198 100644
--- a/appnote/an04_favoritepartition.md
+++ b/appnote/an04_favoritepartition.md
@@ -1,10 +1,10 @@
 # AN04 How to make LUKS volume to the favorite partition
-Kaiten-yaki creates the LUKS volume on the 1st partition for the BIOS system ( 2nd partition for the UEFI system ) by default. Also, Kaiten-yaki assigns all space for the LUKS volume, except the space for the EFI partition.
+Kaiten-yaki creates the LUKS volume on the 1st partition for the BIOS system ( 2nd partition for the EFI system ) by default. Also, Kaiten-yaki assigns all space for the LUKS volume, except the space for the EFI partition.
 This application note explains how to use the favorite partition with favorite size for LUKS volume.
 ## Step 1: Making partitions
-To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as MBR and GPT for BIOS and UEFI systems, respectively.
+To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as MBR and GPT for BIOS and EFI systems, respectively.
 In this documentation, we assume the user wants to use /dev/sdb3 as LUKS partition to install Ubuntu.
 ## Step 2: Configuration
diff --git a/script/config.sh b/script/config.sh
index 7e79a78..bb378c0 100644
--- a/script/config.sh
+++ b/script/config.sh
@@ -26,13 +26,13 @@ export EFISIZE="200M"
 export LVSWAPSIZE="8G"
 # Usually, these names can be left untouched.
-# If you change, keep them consistent through all instllation in your system.
+# If you change, keep them consistent through all installation in your system.
 export CRYPTPARTNAME="luks_volume"
 export VGNAME="vg1"
 export LVSWAPNAME="swap"
 # Do not touch this parameter, unless you understand what you are doing.
-# 1 : Overwrite the existing logical volume as root vlume.
+# 1 : Overwrite the existing logical volume as root volume.
 # 0 : Create new logical volume as root volume.
 export OVERWRITEINSTALL=0
From a79ad35fe0e0a089f3233c856b5c7111562d9d68 Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Sun, 11 Jul 2021 13:52:09 +0900
Subject: [PATCH 44/97] Correct the AN04 based on the experiment
---
appnote/an04_favoritepartition.md | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/appnote/an04_favoritepartition.md b/appnote/an04_favoritepartition.md
index 0335198..b81f96d 100644
--- a/appnote/an04_favoritepartition.md
+++ b/appnote/an04_favoritepartition.md
@@ -6,23 +6,23 @@ This application note explains how to use the favorite partition with favorite s
 ## Step 1: Making partitions
 To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as MBR and GPT for BIOS and EFI systems, respectively.
-In this documentation, we assume the user wants to use /dev/sdb3 as LUKS partition to install Ubuntu.
+In this documentation, we assume the user wants to use /dev/sda5 as LUKS partition to install Ubuntu.
 ## Step 2: Configuration
 Next user must configure the config.sh.
 The first parameter to edit is **DEV** parameter which represents the target device. In this example, it must be set as /dev/sdb.
 ```sh
-export DEV="/dev/sdb"
+export DEV="/dev/sda"
 ```
 The second parameter to edit is **CRYPTPARTITION**. By default, this parameter is set automatically according to the firmware type. The EFIPARTITION parameter can be left untouched. This parameter is not used.
 ```sh
 if [ ${ISEFI} -ne 0 ] ; then
 # EFI firmware
 export EFIPARTITION=1
-export CRYPTPARTITION=3
+export CRYPTPARTITION=5
 else
 # BIOS firmware
-export CRYPTPARTITION=3
+export CRYPTPARTITION=5
 fi # EFI firmware
 ```
 Makes sure the **ERASEALL** and **OVERWRITEINSTALL** are 0.
@@ -33,11 +33,11 @@ source config.sh
 ```
 Then, run the following command to create a LUKS volume.
 ```sh
-cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 --key-file "${DEV}${CRYPTPARTITION}"
+cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 "${DEV}${CRYPTPARTITION}"
 ```
 This command sets up the LUKS volume on the specified partition. This command also asks for the passphrase of this LUKS volume.
 ## Step 4: Run Kaiten-yaki
 Now, it's a time to run Kaiten-yaki
 ```sh
-kaiten-yaki-ubuntu
+source kaiten-yaki-ubuntu
 ```
\ No newline at end of file
From f1ad8ae660caabd9b9b339f7ba0c40282306fe8a Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Sun, 11 Jul 2021 13:59:42 +0900
Subject: [PATCH 45/97] Add AN04 to README
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 3002494..b22dc3a 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,7 @@ Ubuntu has several variants ( flavors ). While while only the MATE flavor is tes
 - [AN01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md)
 - [AN02 : Managing LUKS key slots](appnote/an02_keyslot.md)
 - [AN03 : The ITERTIME parameter and vulnerability](appnote/an03_itertime.md)
+- [AN04 : How to make LUKS volume to the favorite partition](appnote/an04_favoritepartition.md)
 # Acknowledgments
 These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer.
From 40972cebaf3b832f51963437b5c227f0bcfb5ec3 Mon Sep 17 00:00:00 2001
From: Suikan <26223147+suikan4github@users.noreply.github.com>
Date: Sun, 11 Jul 2021 14:31:21 +0900
Subject: [PATCH 46/97] Update the documentation
---
appnote/an01_howtorecover.md | 14 +++++++-------
appnote/an02_keyslot.md | 13 ++++++-------
appnote/an03_itertime.md | 10 +++++-----
appnote/an04_favoritepartition.md | 7 ++++---
4 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/appnote/an01_howtorecover.md b/appnote/an01_howtorecover.md
index c7645af..6cc3b9a 100644
--- a/appnote/an01_howtorecover.md
+++ b/appnote/an01_howtorecover.md
@@ -1,7 +1,7 @@
 # AN01 : How to recover from the mistyping of the passphrase
 The mistyping of the passphrase is painful, in the full disk encrypted Linux.
-In the usual encrypted Ubuntu install by Ubiquity, mistyping os passphrase is warn by the kernel, and prompted to re-type. But in the full encrypted system, the user sees a boring message and command prompt. Usually, the user just gives up and reboot. It adds tens of second to reboot, and discourage the under to use a long passphrase.
+In the usual encrypted Ubuntu install by Ubiquity, mistyping disk passphrase is warned by the kernel, and prompted to re-type. But in the full encrypted system, the user sees a boring message and command prompt. Usually, the user just gives up and reboot. It adds tens of second to reboot, and discourage the user to use a long passphrase.
 ![bios](../image/an01_bios.png)
@@ -10,7 +10,7 @@ This application note explains how to recover from this condition, quickly.
 # BIOS system
 In the BIOS system, the recovery is pretty easy.
-In the case of the mistyping passphrase, GRUB goes into rescue mode. In this mode, the user can recover from 3 commands.
+In the case of the mistyping passphrase, GRUB goes into rescue mode. The user can recover by 3 commands from this mode.
 ```
 cryptomount -a
@@ -18,9 +18,9 @@ insmod normal
 normal
 ```
-The **cryptomount** command tries to mount the specific encrypted partition to boot. To mount it, the GRUB prompts the user to type the passphrase. The "-a" option specifies all encrypted partitions. If the system is encrypted by Kaiten-yaki, it has only one encrypted partition. So, this is the easiest way.
+The **cryptomount** command tries to mount the encrypted partition specified by parameter. To mount it, GRUB prompts the user to type the passphrase. The "-a" option means all encrypted partitions. If the system is encrypted by Kaiten-yaki, it has only one encrypted LUKS partition. So, this is the easiest way.
-The **insmod** command loads the specified GRUB command module from the mounted storage and inserts it into the command list. The second line loads the "normal" command which displays the normal menu to the user.
+The **insmod** command loads a GRUB command module from the mounted storage and inserts it into the command list. The second line loads the "normal" command which displays the normal menu to the user.
 Finally, **normal** command shows the normal boot menu to the user.
@@ -29,7 +29,7 @@ Now, the user can select the system to boot as usual.
 # EFI system
 In the EFI system, recovery needs extra steps compared to the BIOS system.
-Alternatively, GURB is not in the rescue mode but the normal mode, even the passphrase is mistyped. So, the user can use command completion. This is better than the BIOS system.
+Unlike the BIOS system, GURB is not in the rescue mode but the normal mode, when the passphrase is mistyped. So, the user can use command completion. This is better than the BIOS system.
 The first step of the recovery is the same with the BIOS system.
 ```
@@ -37,7 +37,7 @@ cryptomount -a
 ```
 Again, in the EFI system, the user can use the command completion by pressing the [TAB] key.
-The second step is unique in the EFI system. By using **ls** command check the list of volumes existing in the system, and identify which volume contains the grub menu. And then, pick that volume and assign it to the **prefix** variable, with grub path.
+The second step is unique in the EFI system. The user can check the list of volumes existing in the system by **ls** command. The ls command allows the user can identify which volume contains the grub menu. And then, the user picks the right volume and assign it to the **prefix** variable, with the grub path.
 Following is the example. The (lvm/vg1-mate) is dependent on the system. It has to be substituted by the appropriate volume name for each system.
@@ -56,7 +56,7 @@ Following is the screenshot of the command sequence to recover the mistyping of
 ![bios](../image/an01_efi.png)
-## Summary
+## Conclusion
 In the full disk encrypted system, mistyping of the passphrase is more painful than the partially encrypted system. The user can overcome this situation with several steps of commands and can show the normal boot menu.
 ![bios](../image/an01_normal.png)
diff --git a/appnote/an02_keyslot.md b/appnote/an02_keyslot.md
index 3cd0a28..525554f 100644
--- a/appnote/an02_keyslot.md
+++ b/appnote/an02_keyslot.md
@@ -6,18 +6,18 @@ On the other hand, some extreme cases like installing distributions as many as p
 This application note explains the limitations and difficulties that come from the number of LUKS key slots, and how to overcome that limitation( if possible ).
 # The LUKS key slots
-The LUKS volume has 8 key slots. That means, up to 8 key hash values can be stored. In other words, the user can use 8 different keys to open a LUKS volume.
+The LUKS volume has 8 key slots which can stores one key hash value. In other words, the user can use 8 different keys to open a LUKS volume.
 In this context, the "user" is not limited to a human being. Any software can use a passphrase to open a LUKS volume. Thus, even only one person uses a computer, multiple key slots may be used.
-If some user ( or software ) feeds a passphrase to open a LUKS volume, the management software ( dm-crypt library ) scans key slots and check whether there is a matching slot or not. If there is a slot in which the stored hash value matches with the hash value of the given passphrase, that passphrase is the right one.
+If an user ( or software ) feeds a passphrase to open a LUKS volume, the management software ( dm-crypt library ) scans key slots and check whether there is a matching slot or not. If there is a slot in which the stored hash value matches with the hash value of the given passphrase, that passphrase is the right one.
 # How Kaiten-yaki uses the LUKS key slots
 Kaiten-yaki uses N+1 LUKS key slots to install the N distributions in a system ( where N is an integer ).
-Whenever Kaiten-yaki creates a LUKS volume, it registers a passphrase typed by the user. This passphrase is stored in the key slot 0. So, when the user types his passphrase correctly, its hash will be matched with the hash value in slot 0, by default.
+Whenever Kaiten-yaki creates a LUKS volume, it registers a passphrase typed by the user. This passphrase is stored in the key slot 0.
So, when the user types his passphrase correctly at boot time, its hash will be matched with the hash value in slot 0, by default.
-In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to open the LUKS volume from the Linux kernel. This passphrase is different from the user passphrase. This passphrase is random binary brock generated by /dev/random. This key is stored in the file under /etc/luks. Even somebody watches its value over the shoulder, the risk is small because it is difficult to ready for a human being.
+In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to let the Linux kernel open the LUKS volume. This passphrase is different from the user passphrase. Actually, this passphrase is random binary brock generated by /dev/random. This key is stored in the file under /etc/luks. Even somebody watches its value over the shoulder of a user, the risk is small because it is difficult to read for a human being.
 Anyway, this usage defines the maximum number of Linux installed in a system. That is 7 if all are installed by Kaiten-yaki. If a user try to install the 8th distribution in a LUKS volume with Kaiten-yaki, it will fail because there is no vacant LUKS key slot.
 # Overwrite installation
@@ -25,14 +25,13 @@ The overwrite installation is another case that consumes a LUKS key slot.
 if the variable OVERWITEINSTALL in config.sh is set to 1, Kaiten-yaki just overwrites an existing logical volume in the LUKS volume. Also, in this case, Kaiten-yaki registers a new key file for the new installation. Thus, while the number of the installed Linux is the same, the number of the used LUKS key slot is increased.
-Eventually, the user fails to install even the installed Linux is 2 or 3, if there is not vacant LUKS key slot.
+Eventually, the user fails to install even the installed Linux is small like 2 or 3, if there is not vacant LUKS key slot.
 # Managing key slots
 Some users may want to delete a key slot to install another distribution. In this case, they must know which LUKS key slots are used or not.
 This section explains how to investigate the used slots.
-First of all, user can l
-The example of this command is shown below. Slot 0, 1, and 2 are occupied :
+First of all, user can list the status of the all LUKS key slots. The example of this command is shown below. Slot 0, 1, and 2 are occupied :
 ```
 takemasa@mate-vm:~$ sudo cryptsetup luksDump /dev/sda2 | grep -i bled
 Key Slot 0: ENABLED
diff --git a/appnote/an03_itertime.md b/appnote/an03_itertime.md
index 7145cca..2d440a8 100644
--- a/appnote/an03_itertime.md
+++ b/appnote/an03_itertime.md
@@ -10,7 +10,7 @@ Let's assume there is a Ubuntu desktop system in which the disk was encrypted by
 If the user mistyped the passphrase at boot, Ubuntu prompts to type a passphrase again. There is no pain. It just asks.
-Now, what's happen if a user mistyped the passphrase on the Kaiten-yaki installed system. It takes a very wrong time to see the error message. And the system doesn't prompt to type again ( The prompt issue is discussed in the [AN01](an01_howtorecover.md) ). Especially, the more number of the installations in a system makes the longer duration till the error message. Sometimes this is unbearable pain to the user.
+Now, let's see what's happen if a user mistyped the passphrase on the system which was installed by Kaiten-yaki. It takes a very wrong time to see the error message. And the system doesn't prompt to type again ( The prompt issue is discussed in the [AN01](an01_howtorecover.md) ). Especially, the more number of the installations in a system makes the longer duration till the error message. Sometimes this is unbearable pain to the user.
 This kind of pain de-motivates users to use a long passphrase, because the longer passphrase causes more mistypes. As a result, some users may use the shorter passphrase. The bad user experience of passphrase input may help the malicious attackers.
@@ -19,19 +19,19 @@ GRUB is the root cause of this slow user passphrase matching. The passphrase is hashed and stored to LUKS key slot when a LUKS volume is created ( or, a new passphrase is added ). The stored hash value is not simple. The cryptsetup command makes hash value from the user passphrase. And then, create the next hash from this hash. And then, create a third hash from the 2nd hash, so on. This repeating is named [key stretching](https://en.wikipedia.org/wiki/Key_stretching). -The key stretching technique enforces malicious attackers using more computation resources on the brute force attacking. The more stretching iteration times require the more resources to attack. +The key stretching technique enforces malicious attackers to use more computation resources on the brute force attacking. The more stretching iteration times require the more resources to attack. -Of course, there is a balance and security strength. By default, the cryptsetup command takes the iteration needing 1 sect to calculate the passphrase hash, for the LUKS1 format. This sounds like a good balance. The cryptsetup runs on Linux when it calculates the appropriate iteration of key stretching. So, there is no problem if Linux challenges user passwords. It will take about 1 sec, by default. +Of course, there is a balance and security strength. By default, the cryptsetup command takes the iteration needing 1 sect to calculate the passphrase hash, for the LUKS1 format. This sounds like a good balance. The cryptsetup runs on Linux when it calculates the appropriate iteration of key stretching. So, there is no problem if Linux challenges user passwords. It will take about 1 sec, by default on the Linux system. 1 second is acceptable for almost users. But there is a pitfall. On the full disk encryption system by Kaiten-yaki, the /boot is encrypted. So, to load the Linux kernel, GRUB has to decrypt the LUKS volume. That means GRUB has to calculate the passphrase hash. 
Unfortunately, this calculation is slower than Linux's one. Thus the user has to wait longer than 1 second. -The duration by GRUB is up to the system. It depends on the CPU. Also, In addition to this slow hashing, GRUB has to scan all used key slots when the user mistyped. For example, if 3 distributions are installed in a LUKS volume by Kaiten-yaki, 4 key slots are used. Thus, if it takes 10 seconds to challenged one hash by GRUB, this system takes 40seconds to show "The wrong password". +The duration by GRUB to calculate the passphrase hash value is up to the system. It depends on the CPU. Also, In addition to this slow hashing, GRUB has to scan all used key slots when the user mistyped. For example, if 3 distributions are installed in a LUKS volume by Kaiten-yaki, 4 key slots are used. Thus, if it takes 10 seconds to challenged one hash by GRUB, this system takes 40seconds to show "The wrong password". This is the mechanism of the slow response at the passphrase input. ## The key stretching, the --iter-time parameter, and the vulnerability Kaiten-yaki can relax this pain by ITERTIME configuration parameter in config.sh. This parameter is passed to the cryptsetup command as --iter-time parameter. -By setting 1000 to the ITERTIME, cryptsetup takes the key stretching iteration cycle to take 1000 milliseconds. By setting 100, it will be 100 milliseconds. It is believed the default value of --iter-time is 1000 ( Its compile default ). Thus, choosing 100 as ITERTIME makes the duration to the "Wrong password" 4 seconds, in the above example. This sounds acceptable. +By setting 1000 to the ITERTIME, cryptsetup takes the key stretching iteration cycle to take 1000 milliseconds. By setting 100, it will be 100 milliseconds. It is believed the default value of --iter-time is 1000 ( Its compile default ). Thus, choosing 100 as ITERTIME shorten the duration to the "Wrong password" from 40 seconds to 4 seconds, in the above example. This sounds acceptable. 
On the other hand, the smaller ITERTIME is the weaker to the bute force attack. It is assumed the strength of the passphrase hash is linear to the ITERTIME parameter ( --iter-time parameter of cryptsetup ). diff --git a/appnote/an04_favoritepartition.md b/appnote/an04_favoritepartition.md index b81f96d..8ef4b61 100644 --- a/appnote/an04_favoritepartition.md +++ b/appnote/an04_favoritepartition.md @@ -6,11 +6,11 @@ This application note explains how to use the favorite partition with favorite s ## Step 1: Making partitions To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as MBR and GPT for BIOS and EFI systems, respectively. -In this documentation, we assume the user wants to use /dev/sda5 as LUKS partition to install Ubuntu. +In this documentation, we assume the user wants to use /dev/sda5 as LUKS partition to install Ubuntu, as example. ## Step 2: Configuration Next user must configure the config.sh. -The first parameter to edit is **DEV** parameter which represents the target device. In this example, it must be set as /dev/sdb. +The first parameter to edit is **DEV** parameter which represents the target device. In this example, it must be set as /dev/sda. ```sh export DEV="/dev/sda" ``` @@ -40,4 +40,5 @@ This command sets up the LUKS volume on the specified partition. This command al Now, it's a time to run Kaiten-yaki ```sh source kaiten-yaki-ubuntu -``` \ No newline at end of file +``` +All other operations are same with usual install. \ No newline at end of file From ac70e126d83c4e0353bd201007977dbc557ed904 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 11 Jul 2021 14:39:17 +0900 Subject: [PATCH 47/97] Update changelog --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6029898..6169074 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,19 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd - +Added ITERTIME parameter and corrected other small issues. Application notes AN01-04 are added. +The Followings are tested distributions +- Ubuntu 20.04.2 +- Ubuntu MATE 20.04.2 +- Ubuntu 21.04 +- Void Linux glibc 20210218 mate +- Void Linux musl 20210218 mate +- VOid Linux glibc 20210218 base +See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki/issues/16). ### Added - [Issue 13 : Add ITERTIME configuration parameter to config.txt](https://github.com/suikan4github/kaiten-yaki/issues/13) - [Issue 18 : Add a consideration of the number of key slot](https://github.com/suikan4github/kaiten-yaki/issues/18) +- [Issue 19 : Add a consideration of more flexible partitioning](https://github.com/suikan4github/kaiten-yaki/issues/19) - [Issue 20 : Add a consideration of LUKS stretching](https://github.com/suikan4github/kaiten-yaki/issues/20) - [Issue 21 : Add a document of how to recover from the mistyping of passphrase](https://github.com/suikan4github/kaiten-yaki/issues/21) From 456cbf87cde9d771e90a833595bd4a96980f9306 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 11 Jul 2021 15:53:46 +0900 Subject: [PATCH 48/97] Update changelog for v1.1.0 --- CHANGELOG.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6169074..4e4e18d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,14 +2,23 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd -Added ITERTIME parameter and corrected other small issues. Application notes AN01-04 are added. +### Added +### Changed +### Deprecated +### Removed +### Fixed +### Known Issue + +## [1.1.0] - 2021-07-11 +Added ITERTIME parameter and corrected other small issues. Application notes AN01 - AN04 are added. The Followings are tested distributions - Ubuntu 20.04.2 - Ubuntu MATE 20.04.2 - Ubuntu 21.04 - Void Linux glibc 20210218 mate - Void Linux musl 20210218 mate -- VOid Linux glibc 20210218 base +- Void Linux glibc 20210218 base + See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki/issues/16). ### Added - [Issue 13 : Add ITERTIME configuration parameter to config.txt](https://github.com/suikan4github/kaiten-yaki/issues/13) @@ -48,5 +57,6 @@ See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki ### Known Issue -[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...develop +[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.1.0...develop +[1.1.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...v1.1.0 [1.0.0]: https://github.com/suikan4github/kaiten-yaki/compare/v0.0.0...v1.0.0 From 47b40316c032234025344cbfd1593e4d21e5167d Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Mon, 12 Jul 2021 17:55:02 +0900 Subject: [PATCH 49/97] btrfs support Fail to install the ubuntu when the / volume is btrfs #24 --- script/lib/common.sh | 3 ++- script/ubuntu-kaiten-yaki.sh | 9 +++++++++ script/void-kaiten-yaki.sh | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 8fcb0ea..3f9285f 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -291,8 +291,9 @@ function para_install_msg() { function post_install() { ## Mount the target file system # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer + # ${BTRFSOPTION} is defined by the caller of this function for BTRFS formated volume. echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" + mount "${BTRFSOPTION}" /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" # And mount other directories echo "...Mounting all other dirs." diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index 96ace9b..adfbbdd 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh @@ -53,6 +53,15 @@ function main() { # Post-install stage # ******************************************************************************* + # If the target volume is formated by btrfs, Ubiquity install the root into the + # @ sub-volume. Thus, mount command inside post_install have to use special option + # to specify @ as mount target. + if lsblk -o NAME,FSTYPE | grep -i "${VGNAME}-${LVROOTNAME}" | grep -i "btrfs" > /dev/null ; then + export BTRFSOPTION="-o subvol=@" + else + export BTRFSOPTION="" + fi + # Distribution dependent finalizing. Embedd encryption key into the ramfs image. # The script is parameterized by env-variable to fit to the distribution post_install diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index 5838747..c63f906 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -74,6 +74,9 @@ function main() { # Post-install stage # ******************************************************************************* + # We don't need special option for BTRFSOPTION. + export BTRFSOPTION="" + # Distribution dependent finalizing. Embedd encryption key into the ramfs image. # The script is parameterized by env-variable to fit to the distribution post_install 
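Review bot: In the ubuntu-kaiten-yaki.sh hunk, the btrfs detection `lsblk -o NAME,FSTYPE | grep -i "${VGNAME}-${LVROOTNAME}" | grep -i "btrfs"` is a case-insensitive substring match over every block device, so a sibling volume whose name contains the root volume's name (for instance `vg1-mate` matched against a btrfs `vg1-mate2`) would also set `subvol=@` for an ext4 root, and the first grep treats `${VGNAME}-${LVROOTNAME}` as a regular expression rather than a literal. Querying the device directly avoids both problems and reuses the exact path post_install mounts: `if [ "$(lsblk -no FSTYPE /dev/mapper/"${VGNAME}"-"${LVROOTNAME}")" = "btrfs" ] ; then`. Because BTRFSOPTION is only consumed later in common.sh, a mis-detection here would presumably surface as a failed mount in post_install rather than as an error at this point. The enclosing `main` starts and ends outside the hunk.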
From 3c7691db07f623319a47c71ee7e7e4ecf873911a Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Mon, 12 Jul 2021 22:03:36 +0900 Subject: [PATCH 50/97] Fix the blank option problem. --- script/lib/common.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 3f9285f..ed5be7d 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -291,9 +291,11 @@ function para_install_msg() { function post_install() { ## Mount the target file system # ${TARGETMOUNTPOINT} is created by the GUI/TUI installer - # ${BTRFSOPTION} is defined by the caller of this function for BTRFS formated volume. + # ${BTRFSOPTION} is defined by the caller of this function for BTRFS formated volume. + # ${BTRFSOPTION} have to be NOT quoted. Otherwise, mount will receive an empty + # string as first option, when the veraible is empty. echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." - mount "${BTRFSOPTION}" /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" + mount ${BTRFSOPTION} /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" # And mount other directories echo "...Mounting all other dirs." From ea1a1ae7fd8f58cae297f94cd18ef84ebfb8ae2b Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Mon, 12 Jul 2021 23:12:17 +0900 Subject: [PATCH 51/97] Test OK Fail to install the ubuntu when the / volume is btrfs #24 Tested on Ubuntu and Void Linux. Btrfs and ext4. --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e4e18d..e0a9874 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ Record of the modification in project development. ### Deprecated ### Removed ### Fixed +- [Issue 24 : Fail to install the ubuntu when the / volume is btrfs](https://github.com/suikan4github/kaiten-yaki/issues/24) + ### Known Issue ## [1.1.0] - 2021-07-11 
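Review bot: The new `mount ${BTRFSOPTION} ...` relies on unquoted word splitting to make an empty variable disappear, which ShellCheck flags as SC2086 and which breaks silently if an option value ever contains whitespace. Passing the value through `-o` with a default keeps every expansion quoted and makes the intent explicit: the caller's `export BTRFSOPTION="-o subvol=@"` becomes `export BTRFSOPTION="subvol=@"`, and the mount line becomes `mount -o "${BTRFSOPTION:-defaults}" /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}"`. If the unquoted form is kept instead, a `# shellcheck disable=SC2086` line stating the reason belongs next to it, and the comment typos `formated` and `veraible` can be fixed in the same pass. post_install continues past the end of the hunk.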
From 3bb2a5622cfd8505dd915b0dced97e3bdee06fba Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 17 Jul 2021 14:38:01 +0900 Subject: [PATCH 52/97] Update AN01 for btrfs Issue #26 --- CHANGELOG.md | 2 ++ appnote/an01_howtorecover.md | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0a9874..9282be0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added ### Changed +- [Issue 26 : Update AN01 for btrfs](https://github.com/suikan4github/kaiten-yaki/issues/26) + ### Deprecated ### Removed ### Fixed diff --git a/appnote/an01_howtorecover.md b/appnote/an01_howtorecover.md index 6cc3b9a..563fbc0 100644 --- a/appnote/an01_howtorecover.md +++ b/appnote/an01_howtorecover.md @@ -45,6 +45,11 @@ Following is the example. The (lvm/vg1-mate) is dependent on the system. It has ls set prefix=(lvm/vg1-mate)/boot/grub ``` +Note that above example assume the root volume format is usual one ( ex: ext4, jfs, xfs ). If the root volume is formatted by btrfs, above prefix doesn't work, it should contain the sub-volume name in the path : +``` +ls +set prefix=(lvm/vg1-mate)/@/boot/grub +``` Then, the third step is the same with the BIOS systems. From e1e67af67c92ed2eca4cc304dbe45971b1715b1e Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 17 Jul 2021 14:40:35 +0900 Subject: [PATCH 53/97] Correct spell. --- appnote/an01_howtorecover.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appnote/an01_howtorecover.md b/appnote/an01_howtorecover.md index 563fbc0..4e17132 100644 --- a/appnote/an01_howtorecover.md +++ b/appnote/an01_howtorecover.md 
@@ -45,7 +45,7 @@ Following is the example. The (lvm/vg1-mate) is dependent on the system. It has ls set prefix=(lvm/vg1-mate)/boot/grub ``` -Note that above example assume the root volume format is usual one ( ex: ext4, jfs, xfs ). If the root volume is formatted by btrfs, above prefix doesn't work, it should contain the sub-volume name in the path : +Note that above example assumes the root volume format is usual one ( ex: ext4, jfs, xfs ). If the root volume is formatted by btrfs, above prefix doesn't work. The path name should contain the sub-volume name : ``` ls set prefix=(lvm/vg1-mate)/@/boot/grub From d5e113259fcd9e3732f8d6359e7571db661954d1 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 17 Jul 2021 15:05:43 +0900 Subject: [PATCH 54/97] Refactoring: Sourcing config.sys is not needed in the chrooted_job #25 --- CHANGELOG.md | 1 + script/lib/chrooted_job_ubuntu.sh | 4 ---- script/lib/chrooted_job_void.sh | 4 ---- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9282be0..fe0908a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added ### Changed +- [Issue 25 : Refactoring: Sourcing config.sys is not needed in the chrooted_job](https://github.com/suikan4github/kaiten-yaki/issues/25) - [Issue 26 : Update AN01 for btrfs](https://github.com/suikan4github/kaiten-yaki/issues/26) ### Deprecated diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh index 2d953ca..6d8cd57 100644 --- a/script/lib/chrooted_job_ubuntu.sh +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -1,9 +1,5 @@ #!/bin/bash -# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir -# shellcheck disable=SC1091 -source config.sh - # Create a key file for LUKS and register it as contents of the initramfs image function chrooted_job() { # Mount the rest of partitions by target /etc/fstab diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh index 2d50a73..9ce0c82 100644 --- a/script/lib/chrooted_job_void.sh +++ b/script/lib/chrooted_job_void.sh @@ -1,9 +1,5 @@ #!/bin/bash -# Include configuration. This sript file have to be executed at Kaiten-yaki/script dir -# shellcheck disable=SC1091 -source config.sh - # Create a key file for LUKS and register it as contents of the initramfs image function chrooted_job() { # Mount the rest of partitions by target /etc/fstab From fd6663d2f300115efe4b0e09bcda6532e535482b Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 17 Jul 2021 16:00:03 +0900 Subject: [PATCH 55/97] Add btrfs support in the README. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b22dc3a..68a318c 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ The followings are the list of functionalities: - Automatic detection of BIOS/EFI firmware and create MBR/GPT, respectively. - Create an EFI partition, if needed. - Support multiple boot in a LUKS partition. +- Support btrfs in addition to the major file systems. - The "/boot" is located in the same logical volume as the "/". - The swap logical volume is located inside the encrypted volume. - You need to type a passphrase only once in the boot sequence. From 36acfe505bedb684e921bd5245cde63f74dea2f9 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 18 Jul 2021 21:11:26 +0900 Subject: [PATCH 56/97] Removed Y/N confirmation Eliminates the confirmation dialog Issue #27 --- script/lib/common.sh | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index ed5be7d..7b022e0 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -61,42 +61,8 @@ function confirmation(){ "${LVROOTNAME}" uses ${LVROOTSIZE} of the LVM volume group. Are you sure to install? [Y/N] HEREDOC - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<- HEREDOC - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - # For sure ask to erase. - if [ "${ERASEALL}" -ne 0 ] ; then - echo "Are you sure you want to erase entire \"${DEV}\"? [Y/N]" - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<-HEREDOC - ...Check your config.sh. The variable ERASEALL is ${ERASEALL}. - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - fi # if erase all - - # For sure ask to overwrite. - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - echo "Are you sure you want to overwrite \"${LVROOTNAME}\" in \"${VGNAME}\"? [Y/N]" - read -r YESNO - if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then - cat <<-HEREDOC - ...Check your config.sh. The variable OVERWRITEINSTALL is ${OVERWRITEINSTALL}. - - ...Installation process terminated.. - HEREDOC - return 1 # with error status - fi # if YES - fi # if overwrite # ----- Set Passphrase ----- # Input passphrase From 8bf48b9b0c2c03efc2f558259369e24c906a50b4 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 18 Jul 2021 21:53:48 +0900 Subject: [PATCH 57/97] Refine the parameter printing. --- script/lib/common.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
diff --git a/script/lib/common.sh b/script/lib/common.sh index 7b022e0..6e4c6ea 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -57,11 +57,21 @@ function confirmation(){ # For surre ask the your config.sh is edited cat <<- HEREDOC - The destination logical volume label is "${LVROOTNAME}" - "${LVROOTNAME}" uses ${LVROOTSIZE} of the LVM volume group. - Are you sure to install? [Y/N] + LUKS volume partition : ${DEV}${CRYPTPARTITION} + LUKS volume name : "${CRYPTPARTNAME}" + Volume group name : "${VGNAME}" + Root volume name : "${VGNAME}-${LVROOTNAME}" + Swap volume name : "${VGNAME}-${LVSWAPNAME}" + Size of "${VGNAME}-${LVROOTNAME}" : ${LVROOTSIZE} HEREDOC + if [ "${ERASEALL}" -ne 0 ] ; then + echo "Going to erase entire disk ${DEV}." + elif [ "${OVERWRITEINSTALL}" -ne 0 ] ; then + echo "Going to overwrite the logical volume \"${VGNAME}-${LVROOTNAME}\"." + else + echo "Going to create a new logical volume \"${VGNAME}-${LVROOTNAME}\"." + fi # ----- Set Passphrase ----- From 73c2e1e2e222ad918d4a2a673b6e2b515008583b Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 18 Jul 2021 21:59:43 +0900 Subject: [PATCH 58/97] Update the INSTALL.md and CHANGELOG.md Eliminates the confirmation dialog #27 --- CHANGELOG.md | 1 + INSTALL.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fe0908a..bdf0fc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ Record of the modification in project development. ### Changed - [Issue 25 : Refactoring: Sourcing config.sys is not needed in the chrooted_job](https://github.com/suikan4github/kaiten-yaki/issues/25) - [Issue 26 : Update AN01 for btrfs](https://github.com/suikan4github/kaiten-yaki/issues/26) +- [Issue 27 : Eliminates the confirmation dialog](https://github.com/suikan4github/kaiten-yaki/issues/27) ### Deprecated ### Removed diff --git a/INSTALL.md b/INSTALL.md index b0b01bd..991dc4c 100644 --- a/INSTALL.md 
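Review bot: The new `if [ "${ERASEALL}" -ne 0 ]` / `elif [ "${OVERWRITEINSTALL}" -ne 0 ]` tests print `integer expression expected` and evaluate false when either variable is unset, empty or non-numeric, so a config.sh missing one of them falls through to the "Going to create a new logical volume" message instead of stopping, and later steps presumably read the same unset value. Since the Y/N prompt was removed in the previous commit, this printout is the only place the operator sees which mode was chosen before the passphrase is requested, so asserting the inputs here is cheap: `: "${ERASEALL:?must be set to 0 or 1 in config.sh}"` and `: "${OVERWRITEINSTALL:?must be set to 0 or 1 in config.sh}"` placed before the `if`. confirmation() starts and ends outside the hunk.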
+++ b/INSTALL.md @@ -142,7 +142,7 @@ In the case of Void Linux ```bash source void-kaiten-yaki.sh ``` -After several interactive confirmations, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error, except the first distribution installation. +After printing the configuration parameters, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error, except the first distribution installation. ## Second stage : GUI/TUI installer After the first script finishes, the GUI/TUI installer starts automatically. Configure it as usual and run it. Ensure you map the following correctly. From e0ff77c549e3e2b0bb80ccfb63d034aa8d7680a6 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 21 Jul 2021 05:44:21 +0900 Subject: [PATCH 59/97] Explain the target is AMD64 explicitly. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 68a318c..f8b43aa 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Kaiten-yaki: Full disk encryption install script for Linux -Kaiten-yaki is a script set to install Linux to your desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. +Kaiten-yaki is a script set to install Linux to your AMD64 desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. The followings are the list of functionalities: - Ubuntu and Void Linux. From 00d506a017f68709f1cfac36094d83bca80024c7 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 21 Jul 2021 09:27:45 +0900 Subject: [PATCH 60/97] Removed applicaiton notes. Move application notes to Wiki Issue #28 --- CHANGELOG.md | 2 + README.md | 7 +-- appnote/an01_howtorecover.md | 67 ------------------------- appnote/an02_keyslot.md | 83 ------------------------------- appnote/an03_itertime.md | 48 ------------------ appnote/an04_favoritepartition.md | 44 ---------------- 6 files changed, 4 insertions(+), 247 deletions(-) delete mode 100644 appnote/an01_howtorecover.md delete mode 100644 appnote/an02_keyslot.md delete mode 100644 appnote/an03_itertime.md delete mode 100644 appnote/an04_favoritepartition.md diff --git a/CHANGELOG.md b/CHANGELOG.md index bdf0fc5..02d25ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ Record of the modification in project development. ### Deprecated ### Removed +- [Issue 28 : Move application notes to Wiki](https://github.com/suikan4github/kaiten-yaki/issues/28) + ### Fixed - [Issue 24 : Fail to install the ubuntu when the / volume is btrfs](https://github.com/suikan4github/kaiten-yaki/issues/24) diff --git a/README.md b/README.md index f8b43aa..52ccfa9 100644 --- a/README.md +++ b/README.md 
@@ -48,11 +48,8 @@ If you install two or more Void Linux into the EFI system, only the last one can # Variants considerations Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer. -# Application notes -- [AN01 : How to recover from the mistyping of the passphrase](appnote/an01_howtorecover.md) -- [AN02 : Managing LUKS key slots](appnote/an02_keyslot.md) -- [AN03 : The ITERTIME parameter and vulnerability](appnote/an03_itertime.md) -- [AN04 : How to make LUKS volume to the favorite partition](appnote/an04_favoritepartition.md) +# Other resources +See [Wiki](wiki/) for the application notes and the useful links. # Acknowledgments These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. diff --git a/appnote/an01_howtorecover.md b/appnote/an01_howtorecover.md deleted file mode 100644 index 4e17132..0000000 --- a/appnote/an01_howtorecover.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# AN01 : How to recover from the mistyping of the passphrase -The mistyping of the passphrase is painful, in the full disk encrypted Linux. - -In the usual encrypted Ubuntu install by Ubiquity, mistyping disk passphrase is warned by the kernel, and prompted to re-type. But in the full encrypted system, the user sees a boring message and command prompt. Usually, the user just gives up and reboot. It adds tens of second to reboot, and discourage the user to use a long passphrase. - -![bios](../image/an01_bios.png) - -This application note explains how to recover from this condition, quickly. - -# BIOS system -In the BIOS system, the recovery is pretty easy. - -In the case of the mistyping passphrase, GRUB goes into rescue mode. The user can recover by 3 commands from this mode. - -``` -cryptomount -a -insmod normal -normal -``` - -The **cryptomount** command tries to mount the encrypted partition specified by parameter. To mount it, GRUB prompts the user to type the passphrase. The "-a" option means all encrypted partitions. If the system is encrypted by Kaiten-yaki, it has only one encrypted LUKS partition. So, this is the easiest way. - -The **insmod** command loads a GRUB command module from the mounted storage and inserts it into the command list. The second line loads the "normal" command which displays the normal menu to the user. - -Finally, **normal** command shows the normal boot menu to the user. - -Now, the user can select the system to boot as usual. - -# EFI system -In the EFI system, recovery needs extra steps compared to the BIOS system. - -Unlike the BIOS system, GURB is not in the rescue mode but the normal mode, when the passphrase is mistyped. So, the user can use command completion. This is better than the BIOS system. - -The first step of the recovery is the same with the BIOS system. -``` -cryptomount -a -``` -Again, in the EFI system, the user can use the command completion by pressing the [TAB] key. 
- -The second step is unique in the EFI system. The user can check the list of volumes existing in the system by **ls** command. The ls command allows the user can identify which volume contains the grub menu. And then, the user picks the right volume and assign it to the **prefix** variable, with the grub path. - -Following is the example. The (lvm/vg1-mate) is dependent on the system. It has to be substituted by the appropriate volume name for each system. - -``` -ls -set prefix=(lvm/vg1-mate)/boot/grub -``` -Note that above example assumes the root volume format is usual one ( ex: ext4, jfs, xfs ). If the root volume is formatted by btrfs, above prefix doesn't work. The path name should contain the sub-volume name : -``` -ls -set prefix=(lvm/vg1-mate)/@/boot/grub -``` - -Then, the third step is the same with the BIOS systems. - -``` -insmod normal -normal -``` -Following is the screenshot of the command sequence to recover the mistyping of the passphrase. - -![bios](../image/an01_efi.png) - -## Conclusion -In the full disk encrypted system, mistyping of the passphrase is more painful than the partially encrypted system. The user can overcome this situation with several steps of commands and can show the normal boot menu. - -![bios](../image/an01_normal.png) diff --git a/appnote/an02_keyslot.md b/appnote/an02_keyslot.md deleted file mode 100644 index 525554f..0000000 --- a/appnote/an02_keyslot.md +++ /dev/null 
@@ -1,83 +0,0 @@ -# AN02 Managing LUKS key slots -If somebody wants to install two or three distributions into a system, Kaiten-yaki works perfectly. There is no problem at all. - -On the other hand, some extreme cases like installing distributions as many as possible, or repeating the overwrite installation unveils the limitation of the number of the LUKS key slots. The user must understand and must manage the LUKS key slots well, to handle these cases. - -This application note explains the limitations and difficulties that come from the number of LUKS key slots, and how to overcome that limitation( if possible ). - -# The LUKS key slots -The LUKS volume has 8 key slots which can stores one key hash value. In other words, the user can use 8 different keys to open a LUKS volume. - -In this context, the "user" is not limited to a human being. Any software can use a passphrase to open a LUKS volume. Thus, even only one person uses a computer, multiple key slots may be used. - -If an user ( or software ) feeds a passphrase to open a LUKS volume, the management software ( dm-crypt library ) scans key slots and check whether there is a matching slot or not. If there is a slot in which the stored hash value matches with the hash value of the given passphrase, that passphrase is the right one. - -# How Kaiten-yaki uses the LUKS key slots -Kaiten-yaki uses N+1 LUKS key slots to install the N distributions in a system ( where N is an integer ). - -Whenever Kaiten-yaki creates a LUKS volume, it registers a passphrase typed by the user. This passphrase is stored in the key slot 0. So, when the user types his passphrase correctly at boot time, its hash will be matched with the hash value in slot 0, by default. - -In addition to the user passphrase, Kaiten-yaki uses one key slot to register the passphrase to let the Linux kernel open the LUKS volume. This passphrase is different from the user passphrase. Actually, this passphrase is random binary brock generated by /dev/random. 
This key is stored in the file under /etc/luks. Even somebody watches its value over the shoulder of a user, the risk is small because it is difficult to read for a human being. - -Anyway, this usage defines the maximum number of Linux installed in a system. That is 7 if all are installed by Kaiten-yaki. If a user try to install the 8th distribution in a LUKS volume with Kaiten-yaki, it will fail because there is no vacant LUKS key slot. -# Overwrite installation -The overwrite installation is another case that consumes a LUKS key slot. - -if the variable OVERWITEINSTALL in config.sh is set to 1, Kaiten-yaki just overwrites an existing logical volume in the LUKS volume. Also, in this case, Kaiten-yaki registers a new key file for the new installation. Thus, while the number of the installed Linux is the same, the number of the used LUKS key slot is increased. - -Eventually, the user fails to install even the installed Linux is small like 2 or 3, if there is not vacant LUKS key slot. -# Managing key slots -Some users may want to delete a key slot to install another distribution. In this case, they must know which LUKS key slots are used or not. - -This section explains how to investigate the used slots. - -First of all, user can list the status of the all LUKS key slots. The example of this command is shown below. Slot 0, 1, and 2 are occupied : -``` -takemasa@mate-vm:~$ sudo cryptsetup luksDump /dev/sda2 | grep -i bled -Key Slot 0: ENABLED -Key Slot 1: ENABLED -Key Slot 2: ENABLED -Key Slot 3: DISABLED -Key Slot 4: DISABLED -Key Slot 5: DISABLED -Key Slot 6: DISABLED -Key Slot 7: DISABLED -``` -If there is still a vacant LUKS key slot, the user can install another distribution without deleting the existing slot. But if there is not vacant LUKS key slot at all, the user must delete an occupied but unused slot. To know such a slot, the user must mark all the occupied and used slots. - -First of all, check the LUKS key slot for the user passphrase. 
Run the followings command. -```sh -cryptsetup -v --test-passphrase luksOpen /dev/sdXN -``` -Where X is a, b, c..., N is 1, 2, 3... - -The command will prompt to type the passphrase to decrypt. If the user types the correct passphrase, the command shows the key slot number of that passphrase. The followings are the example : -``` -takemasa@mate-vm:~$ sudo cryptsetup -v --test-passphrase luksOpen /dev/sda2 -Enter passphrase for /dev/sda2: -Key slot 0 unlocked. -Command successful. -``` -We can see the slot 0 is used. - -Next, run the following command **for each** installation of distribution. This command shows the slot number which stores the key of the passphrase file passing to the kernel. /etc/luks/boot_os.keyfile is created by Kaiten-yaki, during the installation - -```sh -sudo cryptsetup -v --test-passphrase luksOpen /dev/sdXN --key-file /etc/luks/boot_os.keyfile -``` -Followings are the sample execution : -``` -takemasa@mate-vm:~$ sudo cryptsetup -v --test-passphrase luksOpen /dev/sda2 --key-file /etc/luks/boot_os.keyfile -Key slot 2 unlocked. -Command successful. -``` -By repeating this command inside all installations, the user can list up the occupied and used slots. The other slots are occupied but not used. - -Finally, the user can delete the appropriate occupied but not used LUKS key slot by the following command. -```sh -sudo cryptsetup luksKillSlot /dev/sdXN key_slot_number_to_delete -``` -# Conclusion -For the typical case like installing 2 or 3 distributions in a system, there is no problem to use Kaiten-yaki, at all. - -But if users want to install as many as possible, or repeat the overwrite install, they must understand the number of the LUKS key slots. \ No newline at end of file diff --git a/appnote/an03_itertime.md b/appnote/an03_itertime.md deleted file mode 100644 index 2d440a8..0000000 --- a/appnote/an03_itertime.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# AN03 The ITERTIME parameter and vulnerability -The ITERTIME configuration parameter in the config.sh can provide a better user experience during the passphrase input. It can reduce the pain of the longer passphrase and encourage users to use longer passphrases. - -On the other hand, it may pull a vulnerability. - -The followings are the consideration around the ITERTIME parameter. - -## The passphrase experience -Let's assume there is a Ubuntu desktop system in which the disk was encrypted by Ubiquity installer without Kaiten-yaki. In this system, the /boot partition is installed as a separate and un-encrypted state. So, the Linux kernel file is not protected. - -If the user mistyped the passphrase at boot, Ubuntu prompts to type a passphrase again. There is no pain. It just asks. - -Now, let's see what's happen if a user mistyped the passphrase on the system which was installed by Kaiten-yaki. It takes a very wrong time to see the error message. And the system doesn't prompt to type again ( The prompt issue is discussed in the [AN01](an01_howtorecover.md) ). Especially, the more number of the installations in a system makes the longer duration till the error message. Sometimes this is unbearable pain to the user. - -This kind of pain de-motivates users to use a long passphrase, because the longer passphrase causes more mistypes. As a result, some users may use the shorter passphrase. The bad user experience of passphrase input may help the malicious attackers. - -## Why the full disk encryption is so slow at passphrase input -GRUB is the root cause of this slow user passphrase matching. - -The passphrase is hashed and stored to LUKS key slot when a LUKS volume is created ( or, a new passphrase is added ). The stored hash value is not simple. The cryptsetup command makes hash value from the user passphrase. And then, create the next hash from this hash. And then, create a third hash from the 2nd hash, so on. 
This repeating is named [key stretching](https://en.wikipedia.org/wiki/Key_stretching). - -The key stretching technique enforces malicious attackers to use more computation resources on the brute force attacking. The more stretching iteration times require the more resources to attack. - -Of course, there is a balance and security strength. By default, the cryptsetup command takes the iteration needing 1 sect to calculate the passphrase hash, for the LUKS1 format. This sounds like a good balance. The cryptsetup runs on Linux when it calculates the appropriate iteration of key stretching. So, there is no problem if Linux challenges user passwords. It will take about 1 sec, by default on the Linux system. 1 second is acceptable for almost users. - -But there is a pitfall. On the full disk encryption system by Kaiten-yaki, the /boot is encrypted. So, to load the Linux kernel, GRUB has to decrypt the LUKS volume. That means GRUB has to calculate the passphrase hash. Unfortunately, this calculation is slower than Linux's one. Thus the user has to wait longer than 1 second. - -The duration by GRUB to calculate the passphrase hash value is up to the system. It depends on the CPU. Also, In addition to this slow hashing, GRUB has to scan all used key slots when the user mistyped. For example, if 3 distributions are installed in a LUKS volume by Kaiten-yaki, 4 key slots are used. Thus, if it takes 10 seconds to challenged one hash by GRUB, this system takes 40seconds to show "The wrong password". - -This is the mechanism of the slow response at the passphrase input. -## The key stretching, the --iter-time parameter, and the vulnerability -Kaiten-yaki can relax this pain by ITERTIME configuration parameter in config.sh. This parameter is passed to the cryptsetup command as --iter-time parameter. - -By setting 1000 to the ITERTIME, cryptsetup takes the key stretching iteration cycle to take 1000 milliseconds. By setting 100, it will be 100 milliseconds. 
It is believed the default value of --iter-time is 1000 ( Its compile default ). Thus, choosing 100 as ITERTIME shorten the duration to the "Wrong password" from 40 seconds to 4 seconds, in the above example. This sounds acceptable. - -On the other hand, the smaller ITERTIME is the weaker to the bute force attack. It is assumed the strength of the passphrase hash is linear to the ITERTIME parameter ( --iter-time parameter of cryptsetup ). - -## The longer passphrase vs. longer key stretching -While the passphrase hash strength is considered linear to the key stretching iteration, the passphrase strength is exponential to its length. - -There many discussions on the strength of the passphrase. Simply speaking, Adding one alphabet ( a-z ) may expand its strength 26 times. That is why the long passphrase is very important. - -The 1/10 strength of the key stretching can be covered by adding 1 character to the passphrase. - -## Conclusion -The full disk encryption will give big pain to the user at the passphrase input phase. It seems to be reasonable to use the smaller ITERTIME ( --iter-time ) parameter to encourage the user to use the longer passphrase like 20 letters, from the viewpoint of security. - -The security policy is up to the people, community, and mission. The consideration here assumed the desktop PC as a hobby. For mission-critical usage, the user should consult security experts. \ No newline at end of file diff --git a/appnote/an04_favoritepartition.md b/appnote/an04_favoritepartition.md deleted file mode 100644 index 8ef4b61..0000000 --- a/appnote/an04_favoritepartition.md +++ /dev/null 
@@ -1,44 +0,0 @@ -# AN04 How to make LUKS volume to the favorite partition -Kaiten-yaki creates the LUKS volume on the 1st partition for the BIOS system ( 2nd partition for the EFI system ) by default. Also, Kaiten-yaki assigns all space for the LUKS volume, except the space for the EFI partition. - -This application note explains how to use the favorite partition with favorite size for LUKS volume. - -## Step 1: Making partitions -To use custom partitioning, the user must create all partitions by themselves. The user can do it with the popular partitioning tool like gparted. It is recommended to set the partition table as MBR and GPT for BIOS and EFI systems, respectively. - -In this documentation, we assume the user wants to use /dev/sda5 as LUKS partition to install Ubuntu, as example. -## Step 2: Configuration -Next user must configure the config.sh. - -The first parameter to edit is **DEV** parameter which represents the target device. In this example, it must be set as /dev/sda. -```sh -export DEV="/dev/sda" -``` -The second parameter to edit is **CRYPTPARTITION**. By default, this parameter is set automatically according to the firmware type. The EFIPARTITION parameter can be left untouched. This parameter is not used. -```sh -if [ ${ISEFI} -ne 0 ] ; then -# EFI firmware -export EFIPARTITION=1 -export CRYPTPARTITION=5 -else -# BIOS firmware -export CRYPTPARTITION=5 -fi # EFI firmware -``` -Makes sure the **ERASEALL** and **OVERWRITEINSTALL** are 0. -## Step 3: Make LUKS partition -After saving the customer config.sh, run the following command to set the environment variable. -```sh -source config.sh -``` -Then, run the following command to create a LUKS volume. -```sh -cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 "${DEV}${CRYPTPARTITION}" -``` -This command sets up the LUKS volume on the specified partition. This command also asks for the passphrase of this LUKS volume. 
-## Step 4: Run Kaiten-yaki -Now, it's a time to run Kaiten-yaki -```sh -source kaiten-yaki-ubuntu -``` -All other operations are same with usual install. \ No newline at end of file From f92e09229583c3f27ce813d1742015e266c756f4 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 21 Jul 2021 09:31:55 +0900 Subject: [PATCH 61/97] Fixed link to wiki. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 52ccfa9..3626ff6 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ If you install two or more Void Linux into the EFI system, only the last one can Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer. # Other resources -See [Wiki](wiki/) for the application notes and the useful links. +See [Wiki](https://github.com/suikan4github/kaiten-yaki/wiki) for the application notes and the useful links. # Acknowledgments These scripts are based on the script by [myn's diary](https://myn.hatenablog.jp/entry/install-ubuntu-focal-with-lvm-on-luks). That page contains rich information, hint, and techniques around the encrypted volume and Ubiquity installer. From 47bfcac6ccb76100de2db30099e52c8e7b671f37 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 21 Jul 2021 21:14:59 +0900 Subject: [PATCH 62/97] Refinet the configuration parameter display --- script/lib/common.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 6e4c6ea..cd0365c 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -61,8 +61,10 @@ function confirmation(){ LUKS volume name : "${CRYPTPARTNAME}" Volume group name : "${VGNAME}" Root volume name : "${VGNAME}-${LVROOTNAME}" + Root volume size : "${LVROOTSIZE}" Swap volume name : "${VGNAME}-${LVSWAPNAME}" - Size of "${VGNAME}-${LVROOTNAME}" : ${LVROOTSIZE} + Swap volume size : "${LVSWAPSIZE}" + --iter-time parameter : ${ITERTIME} HEREDOC if [ "${ERASEALL}" -ne 0 ] ; then From 44bb28e50a54d2d1bcd3d2ee6c573418c68f11b7 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Fri, 23 Jul 2021 08:17:47 +0900 Subject: [PATCH 63/97] Refine the INSTALL.md --- INSTALL.md | 35 ++++++++++++++++++----------------- image/an01_bios.png | Bin 5718 -> 0 bytes image/an01_efi.png | Bin 10519 -> 0 bytes image/an01_normal.png | Bin 7280 -> 0 bytes 4 files changed, 18 insertions(+), 17 deletions(-) delete mode 100755 image/an01_bios.png delete mode 100755 image/an01_efi.png delete mode 100755 image/an01_normal.png diff --git a/INSTALL.md b/INSTALL.md index 991dc4c..a4ef2d6 100644 --- a/INSTALL.md +++ b/INSTALL.md 
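Review bot: The new `--iter-time parameter : ${ITERTIME}` line drops the quoting convention of its siblings in this heredoc, where every other value is printed inside literal double quotes (`"${LVROOTSIZE}"`, `"${LVSWAPSIZE}"`), so an empty or unset ITERTIME shows as nothing instead of a visible `""`; suggest `--iter-time parameter : "${ITERTIME}"` for a consistent display. Surfacing this value in the confirmation screen is the right place, since it directly sets how much PBKDF work protects the passphrase and a small value weakens it. If 0 is in fact handed to cryptsetup as "use its default" (the INSTALL.md text later in this series calls 0 the default), a short hint such as `(0 = cryptsetup default)` on that line would let the user judge the number before confirming. The enclosing `confirmation()` body starts and ends outside the hunk.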
@@ -9,31 +9,32 @@ You can execute the install script without the command line parameter. For examp ```sh source ubuntu-kaiten-yaki.sh ``` -The first stage of the script is preparation like: erasing a disk, format partition, and encryption. This is the most critical stage of the entire installation process. This part is controlled by the configuration parameter. Thus, you have to edit the config.txt carefully. +The first stage of the script is preparation like: erasing a disk, format partition, and encryption. This is the most critical stage of the entire installation process. This part is controlled by the configuration parameter. Thus, you have to edit the config.sh carefully. In the second stage, the distribution-dependent GUI/TUI installer is invoked from the running script. That is the Ubiquity/void-installer of Ubuntu/Void Linux, respectively. -The third configure the target Linux system to decrypt the encrypted volume automatically, without prompting user to type passphrase. In this stage, Everything is automatic. +The third stage configures the target Linux system to decrypt the encrypted volume automatically, without prompting user to type passphrase. In this stage, Everything is automatic. # Installation Follow the steps below. ## Shell preparation -First of all, promote the shell to root. Almost of the procedure in the installation requires root privilege. Note that the scripts require Bash. +First of all, promote the shell to root. Kaiten-yaki script requires root permission to edit the storage device. Note that the scripts require Bash as shell. In the case of Ubuntu installation: -```bash +```sh # Promote to the root user sudo -i /bin/bash ``` In the case of Void Linux installation: -```bash +```sh +# Promote to the root user sudo -i /bin/bash xbps-install -Su xbps nano ``` -The nano is an editor package to configure the config.txt. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor. 
+The nano is an editor package to configure the config.sh. The choice of editor is up to you. Kaiten-yaki script doesn't have a dependency on nano editor. And then, go to the kaiten-yaki/script directory. -```bash +```sh cd /the/downloaded/directory/kaiten-yaki/script ``` Now, ready to configure. @@ -43,13 +44,13 @@ This is a very critical part of the installation. The configuration parameters a Followings are the set of the default settings of the parameters : - Install to **/dev/sda** (DEV). - Do not erase the entire disk (ERASEALL). -- Overwrite install is disabled. +- Do not overwrite the existing logical volume (OVERWRITEINSTALL). - In the case of EFI firmware, 200MB is allocated to the EFI partition (EFISIZE). - Create a logical volume group named "vg1" in the encrypted volume (VGNAME) - Create a swap logical volume named "swap" in the "vg1". The size is 8GB (LVSWAPNAME,LVSWAPSIZE) - Create a logical volume named **"anko"** as root volume, in the "vg1". The size of the new volume is the **50%** of the free space (LVROOTNAME, LVROOTSIZE). -```bash +```sh # Configuration parameters for Kaiten-Yaki # Storage device to install the linux. 
@@ -120,11 +121,11 @@ And set the following parameters as same as the previous installation. - VGNAME - CRYPTPARTNAME -Kaiten-yaki will leave the "bad" logical volume and allow you to overwrite it by GUI/TUI installer. +Kaiten-yaki will leave the LUKS encrypted partition and allow you to overwrite the "bad" logical volume by GUI/TUI installer. ### About ITERTIME parameter This parameter is recommended to left as default value (=0), unless you understand what it mean well. -The ITERTIME parameter is passed as --iter-time parameter to the [cryptosetup command](https://man7.org/linux/man-pages/man8/cryptsetup.8.html), when script setup the LUKS crypto volume. +The ITERTIME parameter is passed as --iter-time parameter to the [cryptosetup command](https://man7.org/linux/man-pages/man8/cryptsetup.8.html), when script setup the LUKS crypto volume. See [AN03](https://github.com/suikan4github/kaiten-yaki/wiki/AN03:-The-ITERTIME-parameter-and-vulnerability) The unit of value is milliseconds. The target linux kernel may take this duration, to calculate a hash value from the given passphrase. You can change this duration through this parameter. 
@@ -134,15 +135,15 @@ The smaller value gives the weaker security. After you set the configuration parameters correctly, execute the following command from the shell. Again, you have to be promoted as the root user, and you have to use Bash. In the case of Ubuntu : -```bash +```sh source ubuntu-kaiten-yaki.sh ``` In the case of Void Linux -```bash +```sh source void-kaiten-yaki.sh ``` -After printing the configuration parameters, Kaiten-yaki will ask you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error, except the first distribution installation. +After printing the configuration parameters, Kaiten-yaki will prompt you to input a passphrase. This passphrase will be applied to the encryption of the LUKS volume. Make sure you use identical passphrases between all installations of the distributions in a computer. Otherwise, the install process terminates with an error, except the case of the ERASEALL configuration parameter is 1. ## Second stage : GUI/TUI installer After the first script finishes, the GUI/TUI installer starts automatically. Configure it as usual and run it. Ensure you map the following correctly. 
@@ -152,12 +153,12 @@ Target Directory | Host Volume | Comment / | /dev/mapper/vg1-ubuntu | Host volume name is up to your configuration parameter. swap | /dev/mapper/swap | Only the first distribution installation requires this mapping. -During the GUI/TUI installer copying files, Kaiten-yaki modifies the /etc/default/grub of the target system. This is the pretty dirty way. But if we don't modify this file, GUI/TUI installer fails at last. +During the GUI/TUI installer copying files, Kaiten-yaki modifies the /etc/default/grub of the target system. This is a pretty dirty way. But if we don't modify this file, GUI/TUI installer fails at last. ![Ubuntu Partitioning](image/ubuntu_partitioning.png) ![Void Partitioning](image/void_partitioning.png) -## Do not reboot +### Do not reboot At the end of the GUI/TUI installing, do not reboot the system. Click "Continue" and just exit the GUI/TUI installer without rebooting. Otherwise, we cannot finalize the entire installation process. ![Ubuntu done](image/ubuntu_done.png) @@ -166,7 +167,7 @@ At the end of the GUI/TUI installing, do not reboot the system. Click "Continue" ## Third stage: Finalizing After GUI/TUI installer quits without rebooting, the final part of the install process automatically starts. -In this section, Kaiten-yaki put the encryption key of the LUKS volume into the ramfs initial stage to allow the Linux kernel to decrypt the LUKS partition which contains root logical volume. Thus, the system will ask you passphrase only once when GRUB starts. +In this section, Kaiten-yaki put the encryption key of the LUKS volume into the initramfs image to allow the Linux kernel decrypting the LUKS partition which contains root logical volume. Thus, the system will ask you the passphrase only once when GRUB starts. You can reboot the system if you see the "Ready to reboot" message on the console. 
diff --git a/image/an01_bios.png b/image/an01_bios.png deleted file mode 100755 index 034f2e73da997a3690aa576240190a9a07c65bfd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5718 zcmb_gc{E%5zTa(6j#F;yRE1ND9%Ip(hZ@RNQz=R$X3-+%P%}04=uxHU5maNIOG4Bb z#8C4!Mr#%k5>w4F&t7`&yX(ER-oNj=)^A>W|MvcVKi@IN*hu#pGZ!-e0N3;$Ye4|u zay?_7{>x=X|Gk_2fH7S1h3Gy4aD%tMGZsHNYZz((K*f8O)8`<@`s$0vmc9URz5PeK z)a_O5$k_bdPus#z(+Ba~&(+KG4%8Ki0A!?Oq?M%6!dcxovX6xPU>^ zOBdnEbg%q6J;BS0#rNsnn0`feRk`%j!S*zSpi^h&nwhS%6mdh4mz9{ zgvC{osno=ke|9SuW6&0@)lUo{LmfFpsAETJou|fRnQ#v#Dw(PfcQbi!gyTfs!yGou z|5OOmWI)J-j$+n@N&hmRl$xyQ<2375^IM0Le+L=~YnB=)#b!@2(PCQY1n(2>n1)G{ z*01z9a{ScX<8L}L8EDsgK7O#kB3A*W0mX_OR$G_?Uz&owQ|xc={89st`q5ObMcGTU zWOB1z>jWX)<f6-OhD*dZ5Y^g+$Fgxwmhx2eC z{CT#Hf))_coK}cYC)52peV(7_rs@GCuFe57TD5Q>X=`L-fxNgeULq(8)O|ZYP)PGM zMjc6r@(Sd`aD>ztmK|yqnJoSl=}?waUU{^`lK_#PLEiEFbVYBU&2V|lqbA8gaNl@f zH@TWrlQQ4}i^CV{grp@Gm@x>jRk)UE;+0_jvbTsRqdaMHJNm_~OQ9Iu zu$DIQlfeVOOquKgwO>*>zc8KPPcN!E(+@yib(~%Yem$9MB#BOet(?CR_wPmYrmLx8m~ez0=-MX2rkF1Er<%Chjed8L@1QfIyj zO9DS)fF5~&z#zzy!D}@|L?hbOVZ=f)i`@W1K%wDd@12X8KFu0L=il#5%Z4OI?le6w zI7jzvEOe<%os;H9Rfo4#5?WZ@4)0{|#_}nrZmjwgx7B0HQc1ssHI{|l#??sIj|X(U zZ<@+C3OE@3bHj%vp*L^4W&47g;6@UMOEgL3T|09#6Q#RyrG1pw)40hQP=nP8ffd^K z#+luEx)7q2ZFbFJQcN6H^HD}Ry@0K`_qy-_WcrPF+k5~OEGIV#x0UsEgxV!y1|7L~ zu=W@N?RAH(J*)6{sYLea1^4$79+}~L&>=2s>@*I;zb<<6=f~|Fo{qz9uxaZ?aETN5 zdyL17PKM2Z!9HUjibX}bLx=QXnHiAVvYst=zX#i%fiVe%@gKz|c({HjR3|zgMviZ2 zS8?Wg*Z;{TP%rQ!vEN^02_!Gafu^`uyZPOYZXOE?=n&~n<4RZ&={}Om79~IPtk&`# zFGJ%;%o60CnbYbzsztSRy7O~ajrvkQHU?Q2qzPAeSmzFyX``N}$RG=3tf<0@C=>a2 z9hI^yB=NfrW7itKbTyzALrhP0G<{!58nG`F?_QsY54e-sOVw0_f5a zv(3$nGD5n{d9D&~xtZ-#0w0n#a=pMDYmhzI>>z}GVpH3SaELrq#QOc6t znLS00Q?)}AuIp19v42#ZhM5iZ`FnxoG$LGS_9Q1S)#OuX=rwv95=`#R@2(aWaD2Yqxkxl&1A(~dJq4B zQJAU_-=AfYMeS6oV@sKIu?fmeITn_%v5M;%{7V~em&YmM%a8Dq?UC!W`Es_VjLn%W zD5?SS?F|H{MWJlh$KhUg6JLrxl?+n$U)J9}N#3CZX)!TCZr#+PzxxP5i`Vu0>@H`@ 
z*T3Tr?_L)>-Fka{!*P5balsuSzc+qoOv0wpE#!XImVHOq-X9C?g8qd^3e#q%eG8uI0Qr|7~#7KGwWG zq%$c8i_xnQR1|YjMYLkjXqZe=EccNV?~{8%-p_3i)JHeRg-f))^%Os=6r96WYqi%F zY3qoV1e6Lt;f_lz$oX{70*tm4((CP5!(o_Yt5QMOC|T@$TBMI0LW3tHpe(23Y9L3W zI+&KXc6Vd@YF3#U+C!0D!IJLFuz>^07#rg+pMN=PB^2YUDz=hE9t6+YuT|9DoM`)Cz zMPb1;BeP|*D?n&{Nx8=I;`4~wz(m0m3+qt?UQv|xhhw=Q*fqh6-CRf%0A_51%_cT# z6}g&O8$HMay15{20yT@Qho=R>AK3ak*+Hj`;TQ;yr3cG(?9ZHB!*R}PekUu z?oR+^aUl!5)^r|;53%{OQNl?vE2rE5np@8|k=4&Lay(EnETBx{SE+H1I2M}3qOsu; z*4}|`focl%A&5zfS-@^0u*cpLI82dtmJBRF1~C=yh|l4tKj36B+DP%3*RK7&4yWjNvOCX@o(duv3Z2_}U-PLqeY1;hIoYG`8| zlB#c*#zGtD1<&S(<@%4R-OlIX;Ot3UEC_t*m8A5Z{4Y&P0TiJms6BENH1eLpJEpvb zvnr;cBFQ6t5bV*yo^|CL;MFH_BJ=*w_qoDl$%S=XtZfURS9sGbuxB;}#H`jSKCOMq z|3W?F&(m$6g-f%eBX+Or$i*#(Nad{aZ9{PmrB27ziO=WI`M=QdAIL_uPv=VyB|Jn9 zoE~2J5_gvU`mYsSQbGTtRs^QRjXn|W>C^3)^6B1#dUG3UyM-@<8Q;fB0{rqLaU|5Bmf(MI5Tt_NVmGE4G*ckC>yGLjT*?;itdQEPRw-dLLn;+aMIc+Vt z8IO5pGr@t5c?=6kCBDbhAP3wIHiirXWZ1AZ@im>;9Lbid_*>*A`wJ%-A!MstOk5?h zHD3or>dISC5biTW#=T*gV&>I@aP>x?-tKtFDc#Uwgm1H4H%yx};=6|9YBne7MEGMp2VeN!Jd#|4gI zGJ!Rcv4jAjw(E<*IIuTUZ5{*_b<&oMhgbz#pUYoDA<%m}MDEH7(zw%u%Z-yUi*4V}!oC7NJ5&JDGuiJ@s-rQYRdxb@-j9*yRn0HoH^Y&%8Nv)zntK z%bRSP*6&aHOVFPmTy7L9sdSlR9kn=jk^%X-{CDwoUGPBU|jn$Y(T-?MfMGanmwOX!t>{YZJ?7%;<@ ze2W+1(FxAx+`>)mH`sRWKnncndOYO8MFQItty5B^Qv&m1qeguIdWTvWG>d*HEr z2!E&>@+bzQ5c}-jzg9iyRosiu`lci9+J0W`5!m(}r69)Iq_u;* zO$7@}I(^fDtr&YLOqv@8RAN_pd64C4UYfEkr++z07K-&bOVe&3GZwNGJkmY{E?Hwj zTOxU4-tZCaX3f0`C;${fkziw7_EY z`u2#vCo#skEKFP|Ft?J9r`13V~l!B zQWt;t5b8D(O2{NOT8utVEkvzl3QI!e4cP;Qj?G4Dv(4p8aa|!5i)UIsJD-#+w`_LS z%j#{5oHNWfzB-?!okl%4j-80YL|mutW144HU*duijxD}t`Jj~FdF9&j9{&;Yl5VoY zrGqS}NeTW}VQp6txJUX zn4>E>W)htY@}G9X#v4GSq^)3`h-4(mHwpQ%?z8n!q;j}1H_SW9!yM$ia^(=dZ#1`g zhyGiTWa#e9re?U80K)+P#d>sb2T*-<>Jirx+o3{r`0d}u*5Y$m)pbhQ6(FcC!oMZP zt}`Za#dCgmiU3V-m=)Iy-tj5UF31@#nI{kgQ{JYVxsNmBDw;SHwihK`wtJg^S(2kV z(_Ekc{cU8plz!7?b&z`Va6p6hRYQxJsX$k}%E*_8V`=JVy-N}VE?_IF(is$TarO~E zYdVO)KMG7`B8!%-d8(J^gct&V*Zk%ta)kS(Dh^uWn8KRm1|BG#@5DN|RZt7y7e`g~P&Ik(sZ>AU5$9R&f;wKW({XkBOsKV# 
zE%Z9Z!uSU8<$Le=ozt?~Fd}&-+H0*Y%o+c-#ZH_$^;XzCdAldJ+Wlz(Lk|=+lAf+@ zxm*DNo9{Cedg$^8*CcBpywaJ%bRpyTz`^fAtw~c7?4A(71kAoXP!rE^nNuk33AeT_ z9)f}WkY{dfT;f3yL;z5IykGiEu?-!PyWtx+BVVIBBh&P(lw!2wk=_tJTB2VPKBA*W zQpws}Z>RRbg@Ff**lz1!_^=C;zOe5ULc0O-AJT^qYQtjLrh-JmZwD9X2Pa~ta3&h{ z@_11iA8!eSG~FVqZscN@J&mN@^OmIDSh~4LGR_RT(*u`Y=(ZNFs$~YY(0=N78UOR@ zEfb@JCDrlzN3rWa#J5PS6*W$IE zK0Nuy;O)(Cjt)CX{7XeB*Yy`#!v>`#&mk}T8dZJ*W|b}m3p};=mwY$%qNj##llA3q zm+3=9DvcU%0RZpPW>s4~UXk2maH}Qd+solb2@}P?17jkcbG6jGOs=(^3CN+ZZh}wY z#d8l!q0l_9Jh`)cEk$0X)mls>PD|u=X11xkc^&{%+r73RfP}I4YRq=P9gDPzjUu(u z4)o5LStbsdA759)4$L;Kok|EJXk``01+rHgFlo>yj&i?mK-M2ji6`O{*&Ahlq%aDW z@(`GmG>UyU8HDBU5i>PRU=(Qp)o5~tUj#!GA}eB@1KBYtU}FZy&C^l zeiFp86wwkHape-_Apm?~dT_CHNA2*&^OF*m@U_dpmhH@mv#?}Q_Z?nN0I*vaZ_z^@ zJmTq2&todohjp_prGMno+n3R6jY{5x@jQVTPYD4)=x6otCD~D1W2QcQmvyJ{@0`vn z6P?%Nbx(5yi%etCu>1!Az~{Q+{%eDZXCRT(s>w6;#P_r|vs53#0*&nk0bdk@(l^aN zb5}9)j}|1p1c7ntt;=Nu?|cBzSc(ret2?Xtr*R(ld%?g1P3Ta{GAl3pkIy>`XPEt? zbE2$<>ev7&I^}^coS?7yd(XjHZa%_@@~r%Wm%c1B4F)* z0$y#}AGEC)T?K&V=@z>0LQtHkAQ5ik41BRJZuz@%KzWu_kyRNkZfE{(;9{BqEoOtEfnk$Ny z;vGkpJ9jphzG%~W-K&u8`QYOT+Q$CNN3I1vPH*W z0Ki|rfxQpx+G70)&~b8OJ^)+|2dsdw}7HXE~w@^S(f)M z@w19`+EIjdhB2fJ)#!McvFIXJJ%-Y-C+qIIN4@^}9i%Sn2uZY}46pctRKhf9iimF9 z&k=mmx4!qB_FZzo^jJ?f~I2~d{J5hm7!&3buw2q zLUR-sW_uz`U#<;tBzTTS>bk}BCGShQ z8(BXTT75LUGmR6rX;rJwNW=&B4qQZ~hhuOBVkC{J<6Rs^DT)M8XZlfvop8tLZjOXZYUI66roBg(dRh+Tjm$0(AC3l<#8<|J>Jx5dPs43SWyu9)j2iCCx0o7dkRVK1h;A{2}z3BPVEkIodz3zFiGGCJ)jmP7SE zw%S`4BSE3@+!l*9e0gm`d2RKE$ZO5arOGOq=r#M7g_ebYW<@{};S8xTZY$~gr*RQ8 zb#jL-**~)l>~B?@g$qu;^)*z>E5rEfLTu|K!HvIDz_^k0bkHcd9@a|}{nCH`94*}u zSzkc7S5sfKO;{6OQ~rFkb$PWDENq9nkb!FN&;{bENaWbR{y=ZE=5 zCv(S=>FiQu12%WWdpBY}O3-lHC97EcyL9+do~X4xRqj)z43;`I^B6_Eby(VC)1}-G zf=3+tJg9x95DmK1Jw)z-S2{1GH|=ylI*Jrmg9#7m(a)+%V8;A{W<^xY+gzr&Dx?@!~T{Utn)ZkhA^(btXFTGkUnIlhc)$(_{urrP4% zqX?^Hu^M1|#Gy<4bBp&#&A(%C!E zmRUUAXeKw3AdNpu%?oCakx?%)h!63%Z0Ejgtbv3AG&xX!FfZKV&Hh`S>ux!GXl|(zI!ezOE`SD!lFNhZz!o3Rh%qDj!G2b0;fp3{6c7 
z=B?b78O1HTVr&<>IyQmZ;n^tG|cY8EogpRbq#nelrj#>Cv3WV)q9-HO3EqLNU> z{N_=zq^2tsJ(qsFvTbkF*mm)5;(*JJ!)2(3Yl7njEsr%yW(Ls> znY71wsku#^oN8s=UdydwL!+CTAj>3-IEe?6d-S_T<5|<`Oo?t53=WK1ME2a?cf}Gz zgb+O)P1kEV)%FE$xI+6UM`?jc^e% zu#%IcBJ0bvlvlRYE%P(Wvpx{hv0OYx)xUrE=;EZxUJ6^8cFZ=PtDi^JQkA7t2mPjZ zK{$8i2Y-skh7lU97k(~pXkARH@9E`F=LfLtBolYO2Yo(do@+K~o~ljHbYl_xVtHST zZ&SajM2(*JF-MxYY3Jiq(H3w0NH%~t9OK(nN9}t znK%+^J#M_h!pI$Gn|w<8G5u`;R3%;XTbH`@27$p~%Q$zLK~U@v zIce1+^Xa|??{i~P<7rAz==iKJZ&Y7dt~p9!>k(pdbt}189lR*^Cw_|oV+d)k%X9Vw zWv~NxsD!_%HLPJ%RgELEZaV4!p(5g(NZCs7QtuDkH=y7LUsz&Wn`sask-$`4{*{C%i!RVk~X1ef{=nPv+~C0Uwn)8|Hsdc0)>Av994tGR>c?;W+N{obcAS5{(^&rMG8h6asp6Gl zqRVLSK>8kIuF)*-wodrm{Vw<+XSz%`tFOXq;1#HxjQMTCPdP&2D6QZ00b2&2qoX(S z%QS7<_`Aab>N7r5Rq@R)^aC1}FzaXkewAaDqH*efx!B7EuzMC<;?!BPA@4jG&NdK~ z*|nLM0;KN3SE0V}PiZ0+{g^AGjbW)7LVu*#HP@}Cr)v!lmk)5aG*JjW+CN>zfmG-l z&-5p4%e+K}^9j|F2g z(ISt*L?B1p1v0d>lqOm(7T+s#ibY zxLnfQh&SJH^uDwA^d1_%O*qHhmlXz7Yyy@uQ+!ZNs}s4JG?M zuOta?!F6J1Ke{>(5U8)9jBdhm#JchKU@+il_Bv}EI~CjUBiR#mhrVJ$og5PJXa-Q_*H{agiH zm$zFLj--0*z?*-~HUawjGo<$(NkEzUry4nF^f}+jT5#-w;5nc58O2+!Yqp2ANSmw^ z+7-o4*?7FU#$;4;4f+_Iixq5Ul9dkwzNiAg8qhPEh`1|dMNx(Z(H1O%YEddgJ*s|? 
z)r(Dz2PBH^mJfOd522N^`o~@5pwLc~gR@T2>2#CSH>zj0hZH@X)gDKqdPoP}vRc!1 zUkEI$QzO zDT=D2fZqBaE!n`k!L59E5=hv+`YRy6d&mFyMop&m1dU`ikfmd6bsYy zok*bKxR|l=VgVdTV7v;lqF9B)tbpFL&uFmkS6TsH%gb;li(c_6FXQF0f`;LEeEf@G z@nBXl|ANFZCJ9m3De!zN)l!OH6)~8Tr|4>J?unCNR~99LCAwq!Kx?1OdoLgL!?J&V z>sMXD-$?Gt&?8QHiG+tzePBZ-hpxx94N0Hd(R4Q2tTB&Kyaur>ReuWc^IJ?Vf3V(b zk}|UvXw*MNbVP0Z%ge%Tw@b&b8=TZbzt>KU;Q=7&9=N4r=jw~zn^K|*WTwe<#Mg1~ zzuox=5FUyH`eQ)TuepaSqJWgLX5f1e1~lIK6$oh4yQ;U%Y^bcX)H3Aj0F*{g`|&T~ zg+r5)T%2Dyq3hqu;t*z*GmPq3pO#4s$-q zuclW4jfA^EucVy6<_jR-OJZLCgG<_-j;|Y50TPvs6HM?u*i9}bq$QTtr;J&~xePgqOcn4g|WF6$FxcmTkiTC#fNZYH+Azmq@X zV8f};#TXG=J20(F=uDAu`+rQk0ly2cB)(&P`tnaF{yv|wl<-SBEMp5*xaD*tq- z`pLo9b(DtB&F}V?gfRrIIbMeLmEQ6@UFq>6^F;&F_gpum>PPxbbN0ff#Md|BO-ryh zbt0Sm+u6^f&#F2Lgoft4^SLQXyY;ey z-ObW^WnVRuvH6u)Jb&4IBDH>-O2J(5W-ZnH@xg$~g((RN+u7ItG=?lflb#(H35NLD zpPB7M4*4=iS3q{}{LqJA6!cV=o$pn=mt7<^lEy~0jajb;;JPzfh41bxaPiIZE|v~+$leMVQoUSJEyWGo&D)W)>#`qF0XE^5iehrpMB)5A;m*<{K=cT z$v3Y}=n*H8vy$(|}C9z1Xb`^)0eTHJmT3GPw1@&$OiuoGo^h%@7(aD%Rc#4AAGkih87PVQIVCq2EBD7=+Bla4Z_L! 
z%Y3hR_4-F^E>va|<-YX0j{+yruSug~kvfG4Wk3;f#jN^bH7JOtIin*4aIy~rQhCQT z@Vwa9np-s3d36V?7w<)@C<{bSj`}RDvz}MOEk@&wjN&QVtGN-~wtox;UthlXI4qos zDj4_L&8g&4;#jt589BuX+76=#p4=4d(3a*QX)du0J_GhePt4 z&gWv|TP<;O_A!~Fyynf9x%c*FQ;J3B!YbMNDF0iQ=X2!>W*a(B6OdiWeYD5YrDhom z9~1Iu(Ma>ctN{4An(V#Aa=%thPQI%;2<}DlsEd8ecxC5o) zPM{0Vxy943KN*w^Gz)7sDQ`R43VBrC+R)Z%b7a9Bc-?gAvJLK>6oq_tDixeH)*mOs6Cvk=C^Yo(#|vmW)+hmD ztl=ogSsc~VW6~1|eI=aZ^IYt?NS@;sK|0m)!Nf7!uUcDV=`3ceEGLsDVTgzqnK*<7 zi7x9bLrEsvV~b@&a^fCyaneJXZU$dg436XTLgwk^PYybjbUt>ATOrI|3tztYOV5Qk z`263w4J9+ZzQHuGNQmYRZZX(mX|sIIf^U$xOPl$0NbQ{FU@2&=f1?Ev0!)*9RZS=tC2z7 z>Zo2)NH0?zH5D6cQ<}~I854H|gIQe-8Avq6FS0g?5)BzDxXz`cYdZ(uCg_5=DTAWH zH?1~lN*(M_)s>D{2D0r%lRDnglp5Px?fXsTLz|jN{)cpZXv2OqC2}nU2p2)6(Ps`P z8f|1Ql_TG2cf5N4n1^wZhe^fs#U0>2&Qs_gU3((bV+ogt1Ri60lQ>jOu2#S7UXnxx z6r;k8JDE1?lh9x!Qp!3RimF$4(S9^MuJMQ+_u-zH3TQU^SO9x%BX^}0ruqA)*G&WO z0a5C;6Cv6@!+iFM%1WAoUXdhs%J+H~MP<$jf0Amw&XBQYbmI##`+sJ`XX6v?x7ZQ2 ztCYz;A;1K83}U*C4%HKv5XI!;$&{~;^2OWa(e{_MrxBvffc^_7Sk&C4N<{t&NC zhz0@bgSV3L z_dZ$z3^=`aS^#`$1r7O7sYy%9ad~=zapZO`a*?)DDt7a82{8ozgF8F69cUhkz z0ziA`3+suIPSmAra58)c^f=ayW}y9neg%-z=CY>4mCXHE+?EG)lm(iT6Mi2=RR3Aj zv7&o2Q;9%+&D%lJj{O}5?3!7k=7;_!!e9IV$S1Ti&?L##R47qt5iOG5-wGt` z`*$LsDS(zsLHnBvPTA*Txf4oB?`+_lG0ppNs7)#zD9;2sP8*|j zT7^s@*VTcf-z=a)@v!OeU-Jf^WzCDuuA_Uhp{hfCiI}zrpBt(SR_XD|uxI?JovF5` zP-B(MQHX%uGSBV(*k9)&91Y>wCQlK6_8YHO-g%97K&3FXleWm2VMw+fk%uqxzoZQ@_s)$F7eQ{_KbpB&qo49kX65JLO?+~cL!9&sg&y5 z8MQ10aX@&Bw5P^vIyc6kg{;^=OG=L?XSNPhXuHMP z;!I+OMfmP=($K6?`$BPpB{;&TwjdW!c4ay@ZEFPDoa2}pTKUWn8l?8hH+*yM6|-@E z)|iJiiQ+#AL7l8WGLsf~mYxTSM~w%>WdaXT3{sP_{JT~?BpR<2dUpDOlj@+~JbsMr z3O2^4r%7`t-yNnSHi@<7#Ho7&nIVPS>2$$!sBM+*vX&@&EJtsH-=TMn(?Z9q(90s8 zsUX_5#09whu}2{)7uMbC)D7p!`3(JnVH%I&1}*4LPWi<2R%neKn4Bg+f>)ah8sihB zkBMAjZeu3#xXhRnUpHcd)@d~a$f}&!paM!ZWa)yhq~7FmYGn!!)H$S3eimoa)#YJ& z2lSY0)aq&xal2ec#JNf5MGR^HMo@uc2M56oibAyK%kc*^THb4fj1=@s@3iGtYLq%tbd6f?+w# z>NT@b9#*ynf{!h?&v2^Gma$H>7(g_aeihp*xgU#3?^6@XQNorW{S_Kv)gx_RDVh7& 
zBwGCh1?PDDu$EY+>AB^Ba;jIh{#6Z8C19CR{ck1RcpYTCth>EL1fUIF;uGcK+ceYP zdSTW!HF>5yDeZVElY^X$t)6SB49oj1 z+O$IfDt05YW>;53PgSL>d_!JhTi08kG?LFn_S)e#R{2hQR?T4_$e$Sw(1zU?ICrG) z0mk?^pgHX|_O~~u!kl^-3=iOsrA+S1E9}-wh6~?>7QYXSFFv=PK;lY21abzUIc4JJyUJ-2@i1uC{%tEB^*)4FumA`zbSOb9Kx6w=zzjN$$ z=K8^ch=-8f3|0@{-ivUB;>Z!>>_9D6J(C9{lnM*TZy*U5vUk@uJW^)VGOeTP-+x z7}#|+YGZ!b7MJ&8@;0tds`CKapEq$={`&pNYo-AnQD_TD(R0~A=?m-c6l3=%;vOiW zE&-wM96!>kkN#x*Xfoj|ZjdfdD7jx9$;iv3U|FE9wj*mcN|*76~)o6Z z)4=v-)?Cr}27kG@U>yC(mYBklRfL3_d$ZF)G^EtZN9VtUB+Tu z(@zstg3ct3j_wn!km zY95OAG7jN5i#g=3>E6Aqq5Y!MB)n#Ymzxx7){_EMr7F}*2pia0>r!+o53Qi|_q>Va$=XtAnC*}rN$J^nH_uS~NFd?1Ef zxqH;A@2uwXw5HU4r(NWz+?B6UB3a$ovM*wM284O#fRF|U=J%SM{sy_LMUZ>)PXiT{ z2!I)X4jo6|;P{Zk=u5SPeR3h&0vyZ8x&*tKUDTPSWF_59GfCbHqE>c8kmZ_<8{J7S#V^6^{S!{?V7DWwB+|*~H{GUkq=( R06?E_gAX65|0dyY{|&1t5widQ 
diff --git a/image/an01_normal.png b/image/an01_normal.png deleted file mode 100755 index a90c26f994168e5ec5efb5d569155467c99f2955..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7280 zcmeHsX;_kL+wOx_HfZ){ljg8mrM1-5a@LGiYJ+o{BMy}n4v9m~C|Is6t)!MYlmbmk zX=;UnBe-fACMqSODI(^CfH2dhqp;_m=TJE`MnJqpi&GSFh5UVhy2dc1xlp0R6;21*l7(Uy?*G zo;qm^Qr+*O7uOPs)w$Iow}8(jNVr(Pu&!G6-!pfhNefrZcJI%!E$5D;HIiWv{ol! z>e!~xe$NcE#>&soHoATgrf`b*edpDENBo+^V?~g)kL==ge^Tk2i+|Sa5xKX*HSw|( zQa+a$qWXUG(@mf*=Z3QftCx-;aCw^59>^L<=d(MeW1|`ADgr-Qwz=H4Ig!^ALn~3y zr%gT~ja?6eb!eJ#%-|cYTKaFNPaJEJ66F0$sP^0-d4{VXu!eHV9_Np96ICyr3 z!ia0ZA{2t+X)B;j(6CPJzu+;muqh-3g{`oNQ~~bI(e=m#!%5XWfYOYEG9oI~2>_I% z5bXn+|0j?=?G8U<8b(4yL$(1*nHdVa&lTvuz?dZlgGYV~6JFjX`~BVI}eW?w9XpFvT^7dbSf zOz1Bu{2Maj(PAkxwq)=6%`*BMa|PzE4xn^Fs{>)k!VOW8N2@&)c^_rAqToNc;O+OX z*@Uh6$OOO!jY;nU3|s%4=`;r*P3z{(Q*a7)xJk%iW=qS<;B)H$%nS~#RiH0o_cF#*>BO7fH9>J(6)**D5@C7;MDU3aAkpqiIyBlnXw zX#ud4fM{%Kch5{LQ?LD!yBQme_Ki};XK*lS_Hvg4i!lf!d9#5;1*L`?@UY?*|L~KG{6$}T}I4LI7 z<%wixfpytB`rq52ZB zaj7w(CUipNIkjCsuP%t|D6oF|VeNW(HiBQq6|(NT6Q1ks4RZ|9+RK1X*kR?;^+VO0 zF?D*|pU^}d>(6#Y^F7@OwV?Zr?5vD6Sg1!B=_Xh79I3dyY|laP5D^hHUpkKaIa(Nb zrKW8m+L*Xj|)55eA&mL^39*t-xKEr-pN^e<>>{Yp(yLY|T$ioMXEh`#*-Jv-XG{o*?&3%w|*S$W_DhKZ4DYsy2_AA7p-nV)q{hs&UeVl4u^^pii1a9mr z4zkno)SkeRHra+pKj3Yvv|lJfM)#hVvVB3B7uc^I{DUn0gLdUv(Co3GMR4|vUuEf$ zGt#sr@W-u*2lv@T~7jsdde2s94YQ>J}Nn2d*dI z?!H_1d%ts%xe^n6W`IR$w_BYCj;ES}-+Z5e0YQK%UikI3uU1$I6W=ABPr(un2ljP|Pm#8$4ywF39(Z_>1Q6K3b`3=g{B z(QDT#U5qs9aPN%;`kZ%j* zM=}D6pGLk~sUM7XO+5e6H8hsdkDYFk zFe~!s105xcR6T@>gj{REz1^$J7yWi^isfL73}T@KElv;V_sTGz2RCS_T!u(Fdc|U$ zY30AMAeu?w#PA=!4zlosh@wRaMnd(jnhR=uVKZ1rqObVrRTJHYxP zsLlOniTx#umPkwAC{zC8*o8XcrnugS^dytkXuSWn6B=LDFnF;JZUBNs-zk0TGPgff zKT*DThk?}TzetqAkFI-qd!Lfc7asBAo8!~18J%#x%?05EA_&U=YehHg<(G-(UlJso zg*g*mpKcbl0S?q6pq(>JNJSXohd6~~(DOT;y%E1E>M=({=5w|EDikes;#3Dnaa=F zPg&|q_C(iwAjj;y;O4k)UjMLZD=E`8#Obi-MaSnbe)f0D@(ranblO(&n;g6D%#|fd 
zZ7yGPh3u^qm!>4%xbrpL@YU9>EqZs^puz^AD!+LhT3mSVxoLlDOLM$+Sb-g#W`j#| zL1N!8`8yFRJO>6PPRT;ybNOHsbFlUW@MbO7)qRiOKRUFkYnGi*vBk>?px^tlzJp_6 z{4>~~U$TG=S%A{N8l3+&{C7P5Ux7m#&AoC}EX5im0iys z&X&rCuu~eIY|4e77=L|fcu!v7dqgl&x0N4kupwXVv~c4 zb_!W=d(wgqK8&l4K6MW5H~x~JS}J6Qzu*_queFwx9LJ-}$K$FxcuTqQKL}@6sHHV{ zUqdq8#k#dd$j+xV>r|;t+ksl@LB+6dwO<>Dt**k`nk41DpduLU$nM_ja{Q8@ited6 z*E$Zf@yO#H_~bjpJb(%D3Phapu|OOxeQ3TltoGPZ!V5cRYIAuL*j)OuNoFf_CEoqG ztUl4;0npCJGOC)tqAf*dx|U+#lFU!Tt2XRqGql{4@|{KkattoKZj36byE7E+Xgm`b{!V<72mZF z*`F!EIqi`L82x@sYla`fMFg~lvM#qi>VLiGV3qZg z{`i+s7 z`zyvN_cfIye1R7S*QR#`Z^^KT4w7{!=$-=y4A?;eXup55hXL2j#OEop)-G zb!Pli%-BzagR2Yoe)pqXnJo>;RN|CqhV;7c!Z$9ipXYCCoX;H7#UZpCPvQ=isMC3& zB_pWZTG;LwV(|!D+FzS`3y*?qNa<{T%BoN|hoEXx-{=>>zNg|;M}5PNBJ@%?{M~UTz6ZGv1JnKs&)*_#ERQj668TGg9ixEWmr6?*A>s z6o1RT?&X<9ol8~bGk)WQ8gMZ-ChWp+k3p&|Tqw+weTzaijd@QzTC4Ye)I;54TZw7i zjP8n>nB3gbdr||4Mmd3XxT2a z6~Ee&(h2kgzJ?S>RA{`JEip_EsP^zm;O+V1>MX+skjwcC9YPXiX-5l1%w@^FU(`dX z5rS*I7`*np+SnsduwiC$v$jdO{Tn~W?g!OAL$O@pNGz$9KhafA`E4pPlghr|Zp!d|uIYjG7G}PjMuMaSTSBHtVGadFMj8@Z-{p`;W7w_@F+Do_ih*_92Q@X4EX#pGMtdw|Awr)*+^v zD>?8JGE_Z9ohPYYDtNZag;du%p&5IFAwowFbXRH4avg3cVw~_CtYK}2O&{JhXg;!i zE@_ipckRBvs?)sIJs+OkZZZFB=Dr7O!qUc3)soraV$j1~tRw<1sU`0Z}qTDCFo)Yfq``I z^6~1=Z&3byazELF<8K4{O?7BHleUi^{yK9d+=XA3xjJEU1)%wPOFB~c(Xd{l<7C9g zTG3(Gw7dwx*E>i*cOWWTb<-TwhShw)^E?_|>gVU;#T$m85w;Sx_8nY>L2jc8RQQks<2_u%oP|-y5v?C`7g7{8gq!-TVeIXx2XMXHBwrKNI ze*qCTt6LYpPG>Wl17&eW zULTi(!{OXwP_-)at=l<)-U?7vxagqLrK`tQwD7#9{EniIeNZp?#vSh^8)f`tgJ!G$ zw~aBc=GT;IQ%A(b_AK|H%81JYlZJ?BL#P~q?xx;=Mq zwtpDXo=wz%5}-kqFHCf{lS2 zJ-gdb?E|&sUz3fzT#=?4Kzeh#enjq;wg`{34K0%fY_?k4`e4H>G*>BZ7xAZh{G#z1 zFt^I;X39f<11JqW`qK{NIVLy78g$`qnB&@JqPTVK)P9Zsyge9GZeR!~vHZ(Dha3XO z7G4?%t3u{XW*PcJJjE*IQ_a9R=Nh8ey(mJ_(D~T8z%KZ6JZM$B6R*&*68WVg2m2#3 zj|RaB5(O;mrqx>6WMM{xw4*gW&78}OcpB)oLib#Hg%rYQmb0c!63VWW&BWp|JB0Us zIBQec{LEG9TkGo+)%|I$B*|FR!r$2Ki-PmWDm|W-Eu7jvr++ZdVkL8OaveVGepjSh zy}=qeu=L1YvVX`q+$#rE#rS0;+yzOqhwg$fS>Yo2<)r+b;P*!sBAxz-yXR7~b 
zt0E6Th=0WjOpDk_g(VGRqHNIsvNf~OKPYpqACu|Iozsu4KiC?v)6XbT277NXUd>qA znN*>$Nhq_3q(wgo+@c`}t5z5mew!`2{yD6M;77S$AUKrV_$~4d0JFSws>F}F86XNeRRFTe)Q6xW==pXH)U(0 zNwwtJX=G?*wy6MH%`M*T&*v3urIp#M{b-5A4SR8BiGW^QMQ`jHORt z>e({V`2q>m^@%h(-;Dig(ynbOs5NFacnqtYFIDzhnzIFD7I@l@~iaIWi z%~r12(h<*7pM_DW4w{^qcs78TVD*C&WM7A4(i#trm-)eT*1$Vy@pIHK{Et!p|I_Jn bRmC=BcfY|(Y2n%?5jgAY;Z$?-!p;8y(+Fdk From 2a7d5ff125bf9996e00b58035b24d465c7a47908 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 24 Jul 2021 15:22:25 +0900 Subject: [PATCH 64/97] Update comment For keyfile registration to initfsram --- script/lib/chrooted_job_ubuntu.sh | 3 ++- script/lib/chrooted_job_void.sh | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh index 6d8cd57..5cdd73b 100644 --- a/script/lib/chrooted_job_ubuntu.sh +++ b/script/lib/chrooted_job_ubuntu.sh @@ -29,7 +29,8 @@ function chrooted_job() { echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab # Add key file to the list of the intems in initfsram. - echo "...Registering key file to the ramfs" + # See https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html for detail + echo "...Directing to include keyfile into the initfsram" echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh index 9ce0c82..2bed1d5 100644 --- a/script/lib/chrooted_job_void.sh +++ b/script/lib/chrooted_job_void.sh 
@@ -29,7 +29,8 @@ function chrooted_job() { echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab # Add key file to the list of the intems in initfsram. - echo "...Registering key file to the ramfs" + # See https://man7.org/linux/man-pages/man5/dracut.conf.5.html for details. + echo "...Directing to include keyfile into the initfsram" echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf # Finally, update the ramfs initial image with the key file. From 95820a63d70bc263cc14d8ec09d4e9ab96ab061f Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 28 Jul 2021 08:22:45 +0900 Subject: [PATCH 65/97] Change > to >> Item should be added to /etc/dracut.conf.d/10-crypt.conf , rather than be overwritten Issue #29 --- CHANGELOG.md | 1 + script/lib/chrooted_job_ubuntu.sh | 4 ++-- script/lib/chrooted_job_void.sh | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 02d25ab..80f3645 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ Record of the modification in project development. ### Fixed - [Issue 24 : Fail to install the ubuntu when the / volume is btrfs](https://github.com/suikan4github/kaiten-yaki/issues/24) +- [Issue 29 : Item should be added to /etc/dracut.conf.d/10-crypt.conf , rather than be overwritten](https://github.com/suikan4github/kaiten-yaki/issues/29) ### Known Issue diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh index 5cdd73b..9fdc473 100644 --- a/script/lib/chrooted_job_ubuntu.sh +++ b/script/lib/chrooted_job_ubuntu.sh 
@@ -28,9 +28,9 @@ function chrooted_job() { echo "...Adding LUKS volume info to /etc/crypttab." echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - # Add key file to the list of the intems in initfsram. + # Add key file to the list of the intems in initramfs. # See https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html for detail - echo "...Directing to include keyfile into the initfsram" + echo "...Directing to include keyfile into the initramfs" echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh index 2bed1d5..2bb8430 100644 --- a/script/lib/chrooted_job_void.sh +++ b/script/lib/chrooted_job_void.sh @@ -28,10 +28,10 @@ function chrooted_job() { echo "...Adding LUKS volume info to /etc/crypttab." echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab - # Add key file to the list of the intems in initfsram. + # Add key file to the list of the intems in initramfs. # See https://man7.org/linux/man-pages/man5/dracut.conf.5.html for details. - echo "...Directing to include keyfile into the initfsram" - echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' > /etc/dracut.conf.d/10-crypt.conf + echo "...Directing to include keyfile into the initramfs" + echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' >> /etc/dracut.conf.d/10-crypt.conf # Finally, update the ramfs initial image with the key file. echo "...Upadting initramfs." From fdfd8953d514ffa8df2bebf911f322acca677274 Mon Sep 17 00:00:00 2001 
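Review bot: Changing `>` to `>>` on the `install_items+=` line makes the step non-idempotent: every re-run of chrooted_job appends another copy of the same line to `/etc/dracut.conf.d/10-crypt.conf`, harmless for dracut but accumulating. Guarding the append keeps it to one entry: `grep -qF 'boot_os.keyfile' /etc/dracut.conf.d/10-crypt.conf 2>/dev/null || echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' >> /etc/dracut.conf.d/10-crypt.conf`. Since the key file is being placed inside the initramfs image, note that the Ubuntu hunk in this same commit keeps `UMASK=0077` for initramfs-tools while the dracut branch shows no equivalent restriction on the image's mode; whether dracut already applies one is outside this hunk, so confirm rather than assume. chrooted_job's body continues outside the hunk.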
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 16 Oct 2021 07:51:31 +0900 Subject: [PATCH 66/97] Update README and CHANGELOG prepare to release v1.2.0 --- CHANGELOG.md | 11 ++++++++++- README.md | 5 +++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80f3645..7c6a855 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added ### Changed +### Deprecated +### Removed +### Fixed +### Known Issue + +## [1.2.0] - 2021-10-16 +### Added +### Changed - [Issue 25 : Refactoring: Sourcing config.sys is not needed in the chrooted_job](https://github.com/suikan4github/kaiten-yaki/issues/25) - [Issue 26 : Update AN01 for btrfs](https://github.com/suikan4github/kaiten-yaki/issues/26) - [Issue 27 : Eliminates the confirmation dialog](https://github.com/suikan4github/kaiten-yaki/issues/27) @@ -66,6 +74,7 @@ See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki ### Known Issue -[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.1.0...develop +[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.2.0...develop +[1.2.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...v1.1.0 [1.0.0]: https://github.com/suikan4github/kaiten-yaki/compare/v0.0.0...v1.0.0 diff --git a/README.md b/README.md index 3626ff6..aff6af9 100644 --- a/README.md +++ b/README.md 
@@ -27,9 +27,10 @@ As depicted above, the LVM volume group has only one physical volume. These scripts are tested with the following environment. - VMWare Workstation 15.5.7 ( EFI/BIOS ) - ThinkPad X220 (BIOS) -- Ubuntu 20.04.2 amd64 desktop +- Ubuntu 20.04.3 amd64 desktop - Ubuntu 21.04 amd64 desktop -- Ubuntu Mate 20.04.2 amd64 desktop +- Ubuntu 21.10 amd64 desktop +- Ubuntu Mate 20.04.3 amd64 desktop - void-live-x86_64-20210218-mate.iso - void-live-x86_64-musl-20210218-mate.iso - void-live-x86_64-20210218.iso From 4699f87cc7f04d005667b47ee186df52d66e9d82 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 2 Mar 2022 07:24:56 +0900 Subject: [PATCH 67/97] Add test script for development --- script/config.sh | 30 +++++++++- script/lib/common.sh | 123 +++++++++++++++++++++++++++++++++++++++- script/test/config01.sh | 112 ++++++++++++++++++++++++++++++++++++ script/test/test01.sh | 45 +++++++++++++++ script/test/testutil.sh | 38 +++++++++++++ 5 files changed, 346 insertions(+), 2 deletions(-) create mode 100755 script/test/config01.sh create mode 100755 script/test/test01.sh create mode 100644 script/test/testutil.sh diff --git a/script/config.sh b/script/config.sh index bb378c0..22f448f 100644 --- a/script/config.sh +++ b/script/config.sh 
@@ -14,11 +14,39 @@ export ERASEALL=0 # Keep it unique from other distribution. export LVROOTNAME="anko" +# Suffix of the optional logical volumes. +# If you want to have optional OVs, set USELVEXT# to 1. +# Then, the suffix will be added to the LVROOTNAME. +# For example, Assume you have setting below : +# LVROOTNAME="anko" +# USELVEXT1=1 +# LVEXT1SUFFIX="_home" +# USELVEXT2=0 +# LVEXT2SUFFIX="_var" +# You will have +# anko +# anko_home +# You will not have anko_var because the USELVEXT2=0. +export USELVEXT1=0 +export LVEXT1SUFFIX="_home" +export USELVEXT2=0 +export LVEXT2SUFFIX="_var" + # Logical volume size of the Linux installation. # 30% mean, new logical volume will use 30% of the free space # in the LVM volume group. For example, assume the free space is 100GB, # and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. -export LVROOTSIZE="50%FREE" +# Note that the order of the volume creation is : +# 1. EFI if needed +# 2. SWAP +# 3. LVROOT +# 4. LVEXT1 if needed +# 5. LVEXT2 if needed +export LVROOTSIZE="10%FREE" + +# Logical volume size of the optional volumes. +export LVEXT1SIZE="90%FREE" +export LVEXT2SIZE="100%FREE" # Set the size of EFI partition and swap partition. # The unit is Byte. You can use M,G... notation. diff --git a/script/lib/common.sh b/script/lib/common.sh index cd0365c..43803d4 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
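Review bot: The default `LVROOTSIZE` drops from `50%FREE` to `10%FREE` in the same hunk that introduces the optional volumes, while `USELVEXT1` and `USELVEXT2` default to 0; a user who takes the shipped defaults therefore gets a root volume one fifth the previous size with no extra volumes created to use the remainder, and the commit message ("Add test script for development") does not mention the change. Either keep `50%FREE` as the default or state the new sizing assumption in the comment, e.g. `# 10%FREE assumes LVEXT1/LVEXT2 take the rest; raise it if both USELVEXT# stay 0.` The comment also reads "optional OVs" where `LVs` is meant.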
@@ -42,6 +42,34 @@ function confirmation(){ return 1 # with error status fi # "-" is found in the volume name. + # Sanity check for lvext1 volume suffix + if [ "${USELVEXT1}" -ne 0 ] ; then + if echo "${LVEXT1SUFFIX}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. + cat <<- HEREDOC + ***** ERROR : LVEXT1SUFFIX is "${LVEXT1SUFFIX}" ***** + ..."-" is not allowed in the volume name. + ...Check configuration in your config.sh + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # "-" is found in the volume suffix. + fi # USELVEXT1 + + # Sanity check for lvext2 volume suffix + if [ "${USELVEXT2}" -ne 0 ] ; then + if echo "${LVEXT2SUFFIX}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. + cat <<- HEREDOC + ***** ERROR : LVEXT2SUFFIX is "${LVEXT2SUFFIX}" ***** + ..."-" is not allowed in the volume name. + ...Check configuration in your config.sh + + ...Installation process terminated.. + HEREDOC + return 1 # with error status + fi # "-" is found in the volume suffix. + fi # USELVEXT2 + # Sanity check for swap volume name if echo "${LVSWAPNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. cat <<- HEREDOC @@ -62,6 +90,23 @@ function confirmation(){ Volume group name : "${VGNAME}" Root volume name : "${VGNAME}-${LVROOTNAME}" Root volume size : "${LVROOTSIZE}" + HEREDOC + + if [ "${USELVEXT1}" -ne 0 ] ; then + cat <<- HEREDOC + Extra volume name 1 : "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" + Extra volume size 1 : "${LVEXT1SIZE}" + HEREDOC + fi # USELVEXT1 + + if [ "${USELVEXT2}" -ne 0 ] ; then + cat <<- HEREDOC + Extra volume name 2 : "${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" + Extra volume size 2 : "${LVEXT2SIZE}" + HEREDOC + fi # USELVEXT2 + + cat <<- HEREDOC Swap volume name : "${VGNAME}-${LVSWAPNAME}" Swap volume size : "${LVSWAPSIZE}" --iter-time parameter : ${ITERTIME} 
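Review bot: The new suffix checks only reject a `-`; an empty `LVEXT1SUFFIX`, or identical `LVEXT1SUFFIX`/`LVEXT2SUFFIX` with both volumes enabled, passes, and because the extra volume is named `${LVROOTNAME}${LVEXTnSUFFIX}` the result collides with the root volume or the other extra volume and would surface later as a misleading "exists while non-overwrite install" error from pre_install. Adding `if [ -z "${LVEXT1SUFFIX}" ] ; then` with the same HEREDOC pattern, plus `[ "${LVEXT1SUFFIX}" = "${LVEXT2SUFFIX}" ]` when both USELVEXT# are set, keeps the failure in confirmation where the other config errors are reported. As a point of style, `echo "${LVEXT1SUFFIX}" | grep "-" -i > /dev/null` can be the builtin test `[[ "${LVEXT1SUFFIX}" == *-* ]]`, though matching the existing LVSWAPNAME check is defensible. confirmation's body continues outside the hunk.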
@@ -207,7 +252,7 @@ function pre_install() { return 1 # with error status fi else # not exsit - if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then + if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # not exist and overwrite install cat <<- HEREDOC ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" doesn't exist while overwrite install. ***** ...Check consistency of your config.txt. 
@@ -219,6 +264,69 @@ function pre_install() { echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + + if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 + if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" ] ; then # if extra volume 1 exist + cat <<- HEREDOC + ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" exists while non-overwrite install. ***** + ...Check consistency of your config.txt. + HEREDOC + # Remove newly created root volume + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + # Deactivate all lg and close the LUKS volume + deactivate_and_close + return 1 # with error status + else + echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." + lvcreate -l "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" + if [ $? -ne 0 ] ; then # if fail + # Remove newly created root volume + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + # Deactivate all lg and close the LUKS volume + deactivate_and_close; + return 1 ; + fi; + fi + fi + + if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 + if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" ] ; then # if extra volume 2 exist + cat <<- HEREDOC + ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" exists while non-overwrite install. ***** + ...Check consistency of your config.txt. + HEREDOC + # Remove newly created root volume + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." 
+ lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 + # Remove newly created extra volume 1 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" + fi + # Deactivate all lg and close the LUKS volume + deactivate_and_close + return 1 # with error status + else + echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." + lvcreate -l "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" + if [ $? -ne 0 ] ; then # if fail + # Remove newly created root volume + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 + # Remove newly created extra volume 1 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" + fi + # Deactivate all lg and close the LUKS volume + deactivate_and_close; + return 1 ; + fi; + fi + fi + fi fi 
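Review bot: The cleanup sequence (delete the root volume, optionally delete extra volume 1, deactivate_and_close, return 1) is copy-pasted four times in this hunk with small variations, which is where such paths tend to drift apart; a single helper that removes whatever this run has created so far would reduce each failure branch to one call. As a point of style, `lvcreate ...` followed by `if [ $? -ne 0 ] ; then` can be written `if ! lvcreate -l "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" ; then`, the form test01.sh in this same commit already uses for `if ! confirmation ; then`, and it also drops the stray `;` after `deactivate_and_close` and `return 1`. pre_install's body starts and ends outside the hunk.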
@@ -338,6 +446,19 @@ function on_unexpected_installer_quit(){ else # if not overwrite istall, delete the new volume echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + + if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 + # Remove newly created extra volume 1 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" + fi + + if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 + # Remove newly created extra volume 2 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT2SUFFIX}" + fi + fi # Deactivate all lg and close the LUKS volume deactivate_and_close diff --git a/script/test/config01.sh b/script/test/config01.sh new file mode 100755 index 0000000..cfa8614 --- /dev/null +++ b/script/test/config01.sh 
@@ -0,0 +1,112 @@ +#!/bin/bash + +# ##################################### + +# Test setup. +# /dev/sdb/ +# ERASEALL +# LVROOT 10% +# LVEXT1 90% +# LVEXT2 10% + +# ##################################### + +# Configuration parameters for Kaiten-Yaki + +# Storage device to install the linux. +export DEV="/dev/sdb" + +# Whether you want to erase all contents of the storage device or not. +# 1 : Yes, I want to erase all. +# 0 : No, I don't. I want to add to the existing LUKS volume. +export ERASEALL=1 + +# Logical Volume name for your Linux installation. +# Keep it unique from other distribution. +export LVROOTNAME="anko" + +# Suffix of the optional logical volumes. +# If you want to have optional OVs, set USELVEXT# to 1. +# Then, the suffix will be added to the LVROOTNAME. +# For example, Assume you have setting below : +# LVROOTNAME="anko" +# USELVEXT1=1 +# LVEXT1SUFFIX="_home" +# USELVEXT2=0 +# LVEXT2SUFFIX="_var" +# You will have +# anko +# anko_home +# You will not have anko_var because the USELVEXT2=0. +export USELVEXT1=1 +export LVEXT1SUFFIX="_home" +export USELVEXT2=1 +export LVEXT2SUFFIX="_var" + +# Logical volume size of the Linux installation. +# 30% mean, new logical volume will use 30% of the free space +# in the LVM volume group. For example, assume the free space is 100GB, +# and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. +# Note that the order of the volume creation is : +# 1. EFI if needed +# 2. SWAP +# 3. LVROOT +# 4. LVEXT1 if needed +# 5. LVEXT2 if needed +export LVROOTSIZE="10%FREE" + +# Logical volume size of the optional volumes. +export LVEXT1SIZE="90%FREE" +export LVEXT2SIZE="100%FREE" + +# Set the size of EFI partition and swap partition. +# The unit is Byte. You can use M,G... notation. +export EFISIZE="200M" +export LVSWAPSIZE="8G" + +# Usually, these names can be left untouched. +# If you change, keep them consistent through all installation in your system. 
+export CRYPTPARTNAME="luks_test" +export VGNAME="vg_test" +export LVSWAPNAME="swap" + +# Do not touch this parameter, unless you understand what you are doing. +# 1 : Overwrite the existing logical volume as root volume. +# 0 : Create new logical volume as root volume. +export OVERWRITEINSTALL=0 + +# Do not touch this parameter, unless you understand what you are doing. +# This is a paameter value of the --iter-time option for cyrptsetup command. +# If you specify 1000, that means 1000mSec. 0 means compile default. +export ITERTIME=0 + +# Void Linux only. Ignored in Ubuntu. +# The font size of the void-installer +export XTERMFONTSIZE=11 + +# !!!!!!!!!!!!!! DO NOT EDIT FOLLOWING LINES. !!!!!!!!!!!!!! + +# Detect firmware type. 1 : EFI, 0 : BIOS +if [ -d /sys/firmware/efi ]; then +export ISEFI=1 # Yes, EFI +else +export ISEFI=0 # No, BIOS +fi # is EFI firmaare? + +# Set partition number based on the firmware type +if [ ${ISEFI} -ne 0 ] ; then +# EFI firmware +export EFIPARTITION=1 +export CRYPTPARTITION=2 +else +# BIOS firmware +export CRYPTPARTITION=1 +fi # EFI firmware + +# Detect the GUI environment +# This code is not efered. Just left because it is interestintg code. +if env | grep -w -e XDG_SESSION_TYPE -e DISPLAY -e WAYLAND_DISPLAY > /dev/null ; then + export GUIENV=1 # set 1 if GUI env. +else + export GUIENV=0 # set 0 if not GUI env. +fi \ No newline at end of file diff --git a/script/test/test01.sh b/script/test/test01.sh new file mode 100755 index 0000000..a5a2de5 --- /dev/null +++ b/script/test/test01.sh 
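Review bot: This test configuration hard-codes `DEV="/dev/sdb"` together with `ERASEALL=1`, so running test01.sh on a development box where some other disk happens to be `/dev/sdb` wipes it, and the file's own header lists the setup but not that consequence. A header line such as `# WARNING: ERASEALL=1 wipes ${DEV} unconditionally. Check 'lsblk' before running the test scripts.` makes the intent visible; a device check in the test harness itself would be safer still. Minor points: `if [ ${ISEFI} -ne 0 ]` leaves the expansion unquoted, the file lacks a trailing newline, and the comments carry typos (`paameter`, `cyrptsetup`, `firmaare`, `efered`, `interestintg`).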
@@ -0,0 +1,45 @@ +#!/bin/bash -u + + # shellcheck disable=SC1091 + # Load configuration parameter + source ./config01.sh + + # Load common functions + source ../lib/common.sh + +function main() { + + # This is the mount point of the install target. + export TARGETMOUNTPOINT="/target" + + # ******************************************************************************* + # Confirmation before installation + # ******************************************************************************* + + # parameters for distribution check + export DISTRIBUTIONSIGNATURE="ubuntu" + export DISTRIBUTIONNAME="Ubuntu" + + # Check whetehr given signature exist or not + if ! distribution_check ; then + return 1 # with error status + fi + + # Common part of the parameter confirmation + if ! confirmation ; then + return 1 # with error status + fi + + # ******************************************************************************* + # Pre-install stage + # ******************************************************************************* + + # Common part of the pre-install stage + if ! pre_install ; then + return 1 # with error status + fi +} + +# main routine +main + diff --git a/script/test/testutil.sh b/script/test/testutil.sh new file mode 100644 index 0000000..a4889d2 --- /dev/null +++ b/script/test/testutil.sh 
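Review bot: Putting `-u` in the shebang (`#!/bin/bash -u`) only takes effect when the file is executed directly; `bash test01.sh` or sourcing it drops the option, so `set -u` as the first statement is the reliable form. The same pattern appears in util_cleanup.sh and util_deactivate_and_close.sh in PATCH 68/97. Both `source ./config01.sh` and `source ../lib/common.sh` resolve against the caller's working directory rather than the script's location; `cd "$(dirname "$0")" || exit 1` before sourcing, or `source "$(dirname "$0")/config01.sh"`, pins them. Note too that with config01.sh's `ERASEALL=1` the pre_install call here partitions and encrypts the configured device, so this test is not a dry run.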
@@ -0,0 +1,38 @@ + + +# ******************************************************************************* +# Deactivate all LV in the VG and close LUKS volume +# ******************************************************************************* + +function util_deactivate_and_close(){ + echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." + vgchange -a n "${VGNAME}" + echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." + cryptsetup close "${CRYPTPARTNAME}" + cat <<- HEREDOC + + ...Installation process terminated.. + HEREDOC + +} + +# ******************************************************************************* +# Delete the nwe volume if overwrite install, and close all +# ******************************************************************************* +function util_cleanup(){ + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + + if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 + # Remove newly created extra volume 1 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" + fi + + if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 + # Remove newly created extra volume 2 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT2SUFFIX}" + fi + +} From ed48590821722d21b5fd890b06885ed6c41a5146 Mon Sep 17 00:00:00 2001 
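Review bot: util_cleanup's header says "Delete the nwe volume if overwrite install", but the function runs `lvremove -f` on the root and extra volumes unconditionally; with a config that sets `OVERWRITEINSTALL=1` the root volume is a pre-existing one and this helper would destroy it. A guard at the top, `if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then echo "...Refusing cleanup: OVERWRITEINSTALL is set." >&2 ; return 1 ; fi`, matches what the header promises, and "nwe" should read "new" (presumably "if not overwrite install"). The header also says "and close all", yet util_cleanup never calls util_deactivate_and_close, so the volume group stays active and the LUKS volume open unless the caller does that separately.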
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 5 May 2022 23:20:30 +0900 Subject: [PATCH 68/97] Test update. --- script/test/trial.sh | 11 ++++++++++ script/test/{testutil.sh => util_cleanup.sh} | 22 +++++-------------- script/test/util_deactivate_and_close.sh | 23 ++++++++++++++++++++ 3 files changed, 40 insertions(+), 16 deletions(-) create mode 100755 script/test/trial.sh rename script/test/{testutil.sh => util_cleanup.sh} (65%) mode change 100644 => 100755 create mode 100755 script/test/util_deactivate_and_close.sh diff --git a/script/test/trial.sh b/script/test/trial.sh new file mode 100755 index 0000000..5106da8 --- /dev/null +++ b/script/test/trial.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +DISK=/dev/sdb + +DISKSIZE=$(blockdev --report ${DISK} | awk /${DISK}/'{print $6}') +VOLSIZE=$(lvdisplay --units B /dev/vg_test/anko | awk '/Size/{print $3}') + +echo $DISKSIZE +echo $VOLSIZE + +echo "scale=3; $VOLSIZE/$DISKSIZE" | bc \ No newline at end of file diff --git a/script/test/testutil.sh b/script/test/util_cleanup.sh old mode 100644 new mode 100755 similarity index 65% rename from script/test/testutil.sh rename to script/test/util_cleanup.sh index a4889d2..0701bb9 --- a/script/test/testutil.sh +++ b/script/test/util_cleanup.sh 
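Review bot: `awk /${DISK}/'{print $6}'` interpolates a slash-containing path into the awk program text, so awk sees the `/` characters of `/dev/sdb` as regex delimiters and the pattern is at best a different expression and at worst a syntax error; passing the value through `-v` and comparing the device column avoids both the quoting problem and prefix matches such as `/dev/sdb1`: `DISKSIZE=$(blockdev --report "${DISK}" | awk -v d="${DISK}" '$7 == d {print $6}')` (the device is the seventh column of util-linux's report). `${DISK}` is also unquoted in the blockdev call, and `echo $DISKSIZE` / `echo $VOLSIZE` are better as `printf '%s\n' "$DISKSIZE"`. trial.sh is also missing a trailing newline.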
@@ -1,20 +1,8 @@ +#!/bin/bash -u - -# ******************************************************************************* -# Deactivate all LV in the VG and close LUKS volume -# ******************************************************************************* - -function util_deactivate_and_close(){ - echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." - vgchange -a n "${VGNAME}" - echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." - cryptsetup close "${CRYPTPARTNAME}" - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - -} + # shellcheck disable=SC1091 + # Load configuration parameter + source ./config01.sh # ******************************************************************************* # Delete the nwe volume if overwrite install, and close all @@ -36,3 +24,5 @@ function util_cleanup(){ fi } + +util_cleanup diff --git a/script/test/util_deactivate_and_close.sh b/script/test/util_deactivate_and_close.sh new file mode 100755 index 0000000..2da7bb4 --- /dev/null +++ b/script/test/util_deactivate_and_close.sh @@ -0,0 +1,23 @@ +#!/bin/bash -u + + # shellcheck disable=SC1091 + # Load configuration parameter + source ./config01.sh + +# ******************************************************************************* +# Deactivate all LV in the VG and close LUKS volume +# ******************************************************************************* + +function util_deactivate_and_close(){ + echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." + vgchange -a n "${VGNAME}" + echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." + cryptsetup close "${CRYPTPARTNAME}" + cat <<- HEREDOC + + ...Installation process terminated.. + HEREDOC + +} + +util_deactivate_and_close From 9ef15cc1f122c100c29e7d298cac70de747fb376 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 5 May 2022 23:32:48 +0900 Subject: [PATCH 69/97] Add display of the additional volumes. The user --- script/lib/common.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 43803d4..355e869 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -359,7 +359,17 @@ function para_install_msg() { fi # Root volume mapping - echo "/ : /dev/mapper/${VGNAME}-${LVROOTNAME}" + echo "/ : /dev/mapper/${VGNAME}-${LVROOTNAME}" + + # If USELVEXT1 exist. + if [ "${USELVEXT1}" -ne 0 ] ; then + echo "LVEXT1 : /dev/mapper/${VGNAME}${LVEXT1SUFFIX}" + fi + + # If USELVEXT2 exist. + if [ "${USELVEXT2}" -ne 0 ] ; then + echo "LVEXT2 : /dev/mapper/${VGNAME}${LVEXT2SUFFIX}" + fi # In case of erased storage, add this mapping if [ "${ERASEALL}" -ne 0 ] ; then From a21470f594af43afd4e4efdce2a45b98dbe95925 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 5 May 2022 23:47:17 +0900 Subject: [PATCH 70/97] Correct the display of the LVEXT1,2 --- script/lib/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 355e869..b3b4bb4 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -363,12 +363,12 @@ function para_install_msg() { # If USELVEXT1 exist. if [ "${USELVEXT1}" -ne 0 ] ; then - echo "LVEXT1 : /dev/mapper/${VGNAME}${LVEXT1SUFFIX}" + echo "LVEXT1 : /dev/mapper/${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" fi # If USELVEXT2 exist. if [ "${USELVEXT2}" -ne 0 ] ; then - echo "LVEXT2 : /dev/mapper/${VGNAME}${LVEXT2SUFFIX}" + echo "LVEXT2 : /dev/mapper/${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" fi # In case of erased storage, add this mapping From 8cd947c91232f07fc435cf633562cc7299a4095c Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Fri, 6 May 2022 08:44:16 +0900 Subject: [PATCH 71/97] fixed behavior of lvext When overwrite installing, the lvext# were not created. The detection of the error processing was refactored to use the global variable to see the newly created or not. --- script/lib/common.sh | 129 +++++++++++++++++++++++-------------------- 1 file changed, 68 insertions(+), 61 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index b3b4bb4..8524a69 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -152,6 +152,11 @@ function confirmation(){ function pre_install() { + # Internal variables. + # These variables displays whether the volumes are created in this installation. + IS_ROOT_CREATED=0 + IS_LVEXT1_CREATED=0 + IS_LVEXT2_CREATED=0 # ----- Erase entire disk, create partitions, format them and encrypt the LUKS partition ----- if [ "${ERASEALL}" -ne 0 ] ; then @@ -242,6 +247,11 @@ function pre_install() { if [ -e /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ] ; then # exist if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # exist and overwrite install echo "...Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK." + + # Create extended volumes if needed + create_ext_lv + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + else # exist and not overwriteinstall cat <<- HEREDOC ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. ***** 
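Review bot: `create_ext_lv` followed by `if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi;` can be written `if ! create_ext_lv ; then deactivate_and_close ; return 1 ; fi`, the form test01.sh already uses for `if ! confirmation ; then`. create_ext_lv's definition is not in the visible hunks, so whether it treats a pre-existing extra volume as an error in the overwrite-install path (where the root volume is expected to exist) cannot be confirmed here; that case deserves a dedicated test config since it is the scenario the commit message says was broken. The `IS_*_CREATED` flags in the first hunk are plain globals with no comment on who consumes them; a line such as `# Read by the cleanup path to decide which volumes this run may remove.` would help, if that is indeed their role. pre_install's body continues outside both hunks.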
@@ -262,70 +272,13 @@ function pre_install() { return 1 # with error status else # not exist and not overwrite install echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." + IS_ROOT_CREATED=1 lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 - if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" ] ; then # if extra volume 1 exist - cat <<- HEREDOC - ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" exists while non-overwrite install. ***** - ...Check consistency of your config.txt. - HEREDOC - # Remove newly created root volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - # Deactivate all lg and close the LUKS volume - deactivate_and_close - return 1 # with error status - else - echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." - lvcreate -l "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" - if [ $? -ne 0 ] ; then # if fail - # Remove newly created root volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - # Deactivate all lg and close the LUKS volume - deactivate_and_close; - return 1 ; - fi; - fi - fi - - if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 - if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" ] ; then # if extra volume 2 exist - cat <<- HEREDOC - ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" exists while non-overwrite install. ***** - ...Check consistency of your config.txt. - HEREDOC - # Remove newly created root volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." 
- lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 - # Remove newly created extra volume 1 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" - fi - # Deactivate all lg and close the LUKS volume - deactivate_and_close - return 1 # with error status - else - echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." - lvcreate -l "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" - if [ $? -ne 0 ] ; then # if fail - # Remove newly created root volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 - # Remove newly created extra volume 1 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" - fi - # Deactivate all lg and close the LUKS volume - deactivate_and_close; - return 1 ; - fi; - fi - fi + # Create extended volumes if needed + create_ext_lv + if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi fi 
@@ -503,6 +456,60 @@ function distribution_check(){ return 0 } +# ******************************************************************************* +# Create extended volume, if needed. +# ******************************************************************************* + + +function create_ext_lv() { + if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 + if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" ] ; then # if extra volume 1 exist + echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK." + else + echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." + IS_LVEXT1_CREATED=1 + lvcreate -l "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" + if [ $? -ne 0 ] ; then # if fail + echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" + # Remove newly created root volume + if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # Is root created in this installation? + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + fi + return 1 ; + fi; + fi + fi + + if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 + if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" ] ; then # if extra volume 2 exist + echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\" already exists. OK." + else + echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." + IS_LVEXT2_CREATED=1 + lvcreate -l "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" + if [ $? -ne 0 ] ; then # if fail + echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" + # Remove newly created root volume + if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # newly created root must be deleted + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." 
+ lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + fi + if [ "${IS_LVEXT1_CREATED}" -ne 0 ] ; then # Is LV EXT1 created in this volue? + # Remove newly created extra volume 1 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" + fi + return 1 ; + fi; + fi + fi + + # no error + return 0 + + +} # ******************************************************************************* # Error report and return revsers status. From f6d43382fecf3948dc66b37c0d42a76b3efdc2e5 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 08:41:18 +0900 Subject: [PATCH 72/97] Move lvremove. To simplify, removing new voluves are gathered to deactivate_and remove. --- script/lib/common.sh | 62 ++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 34 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 8524a69..c2a26e0 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -272,9 +272,9 @@ function pre_install() { return 1 # with error status else # not exist and not overwrite install echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." - IS_ROOT_CREATED=1 lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; + IS_ROOT_CREATED=1 # Create extended volumes if needed create_ext_lv 
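Review bot: The two error echoes in create_ext_lv put the volume name inside unescaped inner double quotes (`echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****"`), which closes the string early and leaves the name subject to word splitting and globbing; they need `\"`, and the LVEXT2 branch prints `${LVEXT1SUFFIX}` where `${LVEXT2SUFFIX}` is meant. The larger concern is that the old "exists while non-overwrite install" guard is gone: create_ext_lv now answers "already exists. OK." from the non-overwrite path too, so a leftover `${LVROOTNAME}${LVEXT1SUFFIX}` from an earlier installation is silently adopted for the brand-new root — presumably to be handed to the installer and formatted — with no confirmation. I would accept a pre-existing extra volume only when OVERWRITEINSTALL is set and fail otherwise, as sketched below for LVEXT1 (LVEXT2 mirrors it with its own suffix).
```shell
  if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1
    if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" ] ; then # if extra volume 1 exist
      if [ "${OVERWRITEINSTALL}" -eq 0 ] ; then # an existing extra volume is only acceptable when overwriting
        echo "***** ERROR : Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" exists while non-overwrite install. *****"
        if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # undo the root volume the caller just created
          lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}"
        fi
        return 1
      fi
      echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK."
    else
      # … unchanged: lvcreate and its failure handling …
      echo "***** ERROR : failed to create \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" . *****"
    fi
  fi
  # … unchanged: LVEXT2 branch, same gating with LVEXT2SUFFIX …
```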
@@ -388,6 +388,29 @@ function post_install() { # ******************************************************************************* function deactivate_and_close(){ + + + if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # if extra volume 1 created + # Remove newly created root volume + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" + fi + + + if [ "${IS_LVEXT1_CREATED}" -ne 0 ] ; then # if extra volume 1 created + # Remove newly created extra volume 1 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" + fi + + if [ "${IS_LVEXT2_CREATED}" -ne 0 ] ; then # if extra volume 2 created + # Remove newly created extra volume 2 + echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." + lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT2SUFFIX}" + fi + + + echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." vgchange -a n "${VGNAME}" echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." 
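Review bot: The comment on the first new check reads `# if extra volume 1 created` while the test is on IS_ROOT_CREATED; it should say `# if root volume created in this installation`. The flags are never cleared after the lvremove, so if deactivate_and_close is ever reached twice (it is invoked from several error paths in pre_install) it would run `lvremove -f` on a volume that is already gone; assigning `IS_ROOT_CREATED=0` (and likewise for the two others) right after each removal keeps the function idempotent. These flags are first assigned inside pre_install(), and the test scripts deleted later in this series run under `bash -u`; if the main scripts do as well, any caller reaching this function earlier aborts on an unbound variable, so `[ "${IS_ROOT_CREATED:-0}" -ne 0 ]` is the safer test. The function continues past the end of the hunk.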
@@ -406,22 +429,6 @@ function on_unexpected_installer_quit(){ echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." - else # if not overwrite istall, delete the new volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - - if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 - # Remove newly created extra volume 1 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" - fi - - if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 - # Remove newly created extra volume 2 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT2SUFFIX}" - fi - fi # Deactivate all lg and close the LUKS volume deactivate_and_close @@ -467,16 +474,12 @@ function create_ext_lv() { echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK." else echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." - IS_LVEXT1_CREATED=1 lvcreate -l "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" - # Remove newly created root volume - if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # Is root created in this installation? - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - fi return 1 ; + else # if success + IS_LVEXT1_CREATED=1 # Mark this volume is created fi; fi fi 
@@ -486,21 +489,12 @@ function create_ext_lv() { echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\" already exists. OK." else echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." - IS_LVEXT2_CREATED=1 lvcreate -l "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" - # Remove newly created root volume - if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # newly created root must be deleted - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - fi - if [ "${IS_LVEXT1_CREATED}" -ne 0 ] ; then # Is LV EXT1 created in this volue? - # Remove newly created extra volume 1 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" - fi return 1 ; + else # if success + IS_LVEXT2_CREATED=1 # Mark this volume is created fi; fi fi From 121f1950b8829bbb80f8a56e10cfcdf66972cfd3 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:30:52 +0900 Subject: [PATCH 73/97] Update CHANGELOG to describe issue #31. Issue 31 : Add extra partition functionality. https://github.com/suikan4github/kaiten-yaki/issues/31 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c6a855..a783c3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added +- [Issue 31 : Add extra partition functionality.](https://github.com/suikan4github/kaiten-yaki/issues/31) + ### Changed ### Deprecated ### Removed From eb6f0eef0fe36543e5409600530a2550d20952ee Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:34:47 +0900 Subject: [PATCH 74/97] test subdirectory is removed. --- script/test/config01.sh | 112 ----------------------- script/test/test01.sh | 45 --------- script/test/trial.sh | 11 --- script/test/util_cleanup.sh | 28 ------ script/test/util_deactivate_and_close.sh | 23 ----- 5 files changed, 219 deletions(-) delete mode 100755 script/test/config01.sh delete mode 100755 script/test/test01.sh delete mode 100755 script/test/trial.sh delete mode 100755 script/test/util_cleanup.sh delete mode 100755 script/test/util_deactivate_and_close.sh diff --git a/script/test/config01.sh b/script/test/config01.sh deleted file mode 100755 index cfa8614..0000000 --- a/script/test/config01.sh +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/bin/bash - -# ##################################### - -# Test setup. -# /dev/sdb/ -# ERASEALL -# LVROOT 10% -# LVEXT1 90% -# LVEXT2 10% - -# ##################################### - -# Configuration parameters for Kaiten-Yaki - -# Storage device to install the linux. -export DEV="/dev/sdb" - -# Whether you want to erase all contents of the storage device or not. -# 1 : Yes, I want to erase all. -# 0 : No, I don't. I want to add to the existing LUKS volume. -export ERASEALL=1 - -# Logical Volume name for your Linux installation. -# Keep it unique from other distribution. -export LVROOTNAME="anko" - -# Suffix of the optional logical volumes. -# If you want to have optional OVs, set USELVEXT# to 1. -# Then, the suffix will be added to the LVROOTNAME. -# For example, Assume you have setting below : -# LVROOTNAME="anko" -# USELVEXT1=1 -# LVEXT1SUFFIX="_home" -# USELVEXT2=0 -# LVEXT2SUFFIX="_var" -# You will have -# anko -# anko_home -# You will not have anko_var because the USELVEXT2=0. -export USELVEXT1=1 -export LVEXT1SUFFIX="_home" -export USELVEXT2=1 -export LVEXT2SUFFIX="_var" - -# Logical volume size of the Linux installation. -# 30% mean, new logical volume will use 30% of the free space -# in the LVM volume group. For example, assume the free space is 100GB, -# and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. -# Note that the order of the volume creation is : -# 1. EFI if needed -# 2. SWAP -# 3. LVROOT -# 4. LVEXT1 if needed -# 5. LVEXT2 if needed -export LVROOTSIZE="10%FREE" - -# Logical volume size of the optional volumes. -export LVEXT1SIZE="90%FREE" -export LVEXT2SIZE="100%FREE" - -# Set the size of EFI partition and swap partition. -# The unit is Byte. You can use M,G... notation. -export EFISIZE="200M" -export LVSWAPSIZE="8G" - -# Usually, these names can be left untouched. -# If you change, keep them consistent through all installation in your system. 
-export CRYPTPARTNAME="luks_test" -export VGNAME="vg_test" -export LVSWAPNAME="swap" - -# Do not touch this parameter, unless you understand what you are doing. -# 1 : Overwrite the existing logical volume as root volume. -# 0 : Create new logical volume as root volume. -export OVERWRITEINSTALL=0 - -# Do not touch this parameter, unless you understand what you are doing. -# This is a paameter value of the --iter-time option for cyrptsetup command. -# If you specify 1000, that means 1000mSec. 0 means compile default. -export ITERTIME=0 - -# Void Linux only. Ignored in Ubuntu. -# The font size of the void-installer -export XTERMFONTSIZE=11 - -# !!!!!!!!!!!!!! DO NOT EDIT FOLLOWING LINES. !!!!!!!!!!!!!! - -# Detect firmware type. 1 : EFI, 0 : BIOS -if [ -d /sys/firmware/efi ]; then -export ISEFI=1 # Yes, EFI -else -export ISEFI=0 # No, BIOS -fi # is EFI firmaare? - -# Set partition number based on the firmware type -if [ ${ISEFI} -ne 0 ] ; then -# EFI firmware -export EFIPARTITION=1 -export CRYPTPARTITION=2 -else -# BIOS firmware -export CRYPTPARTITION=1 -fi # EFI firmware - -# Detect the GUI environment -# This code is not efered. Just left because it is interestintg code. -if env | grep -w -e XDG_SESSION_TYPE -e DISPLAY -e WAYLAND_DISPLAY > /dev/null ; then - export GUIENV=1 # set 1 if GUI env. -else - export GUIENV=0 # set 0 if not GUI env. -fi \ No newline at end of file diff --git a/script/test/test01.sh b/script/test/test01.sh deleted file mode 100755 index a5a2de5..0000000 --- a/script/test/test01.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash -u - - # shellcheck disable=SC1091 - # Load configuration parameter - source ./config01.sh - - # Load common functions - source ../lib/common.sh - -function main() { - - # This is the mount point of the install target. - export TARGETMOUNTPOINT="/target" - - # ******************************************************************************* - # Confirmation before installation - # ******************************************************************************* - - # parameters for distribution check - export DISTRIBUTIONSIGNATURE="ubuntu" - export DISTRIBUTIONNAME="Ubuntu" - - # Check whetehr given signature exist or not - if ! distribution_check ; then - return 1 # with error status - fi - - # Common part of the parameter confirmation - if ! confirmation ; then - return 1 # with error status - fi - - # ******************************************************************************* - # Pre-install stage - # ******************************************************************************* - - # Common part of the pre-install stage - if ! pre_install ; then - return 1 # with error status - fi -} - -# main routine -main - diff --git a/script/test/trial.sh b/script/test/trial.sh deleted file mode 100755 index 5106da8..0000000 --- a/script/test/trial.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -DISK=/dev/sdb - -DISKSIZE=$(blockdev --report ${DISK} | awk /${DISK}/'{print $6}') -VOLSIZE=$(lvdisplay --units B /dev/vg_test/anko | awk '/Size/{print $3}') - -echo $DISKSIZE -echo $VOLSIZE - -echo "scale=3; $VOLSIZE/$DISKSIZE" | bc \ No newline at end of file diff --git a/script/test/util_cleanup.sh b/script/test/util_cleanup.sh deleted file mode 100755 index 0701bb9..0000000 --- a/script/test/util_cleanup.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash -u - - # shellcheck disable=SC1091 - # Load configuration parameter - source ./config01.sh - -# ******************************************************************************* -# Delete the nwe volume if overwrite install, and close all -# ******************************************************************************* -function util_cleanup(){ - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" - - if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 - # Remove newly created extra volume 1 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" - fi - - if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 - # Remove newly created extra volume 2 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." - lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT2SUFFIX}" - fi - -} - -util_cleanup diff --git a/script/test/util_deactivate_and_close.sh b/script/test/util_deactivate_and_close.sh deleted file mode 100755 index 2da7bb4..0000000 --- a/script/test/util_deactivate_and_close.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -u - - # shellcheck disable=SC1091 - # Load configuration parameter - source ./config01.sh - -# ******************************************************************************* -# Deactivate all LV in the VG and close LUKS volume -# ******************************************************************************* - -function util_deactivate_and_close(){ - echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." - vgchange -a n "${VGNAME}" - echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." - cryptsetup close "${CRYPTPARTNAME}" - cat <<- HEREDOC - - ...Installation process terminated.. - HEREDOC - -} - -util_deactivate_and_close 
From 7d3abc56b03c23e682ccf40ccd07e32cc7dfae8f Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:38:38 +0900 Subject: [PATCH 75/97] Add swapoff -a --- script/ubuntu-kaiten-yaki.sh | 3 +++ script/void-kaiten-yaki.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index adfbbdd..7b932e3 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh @@ -66,6 +66,9 @@ function main() { # The script is parameterized by env-variable to fit to the distribution post_install + # Free LUKS volume as swap volume. + swapoff -a + # Normal end return 0 diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index c63f906..d31adcc 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -81,6 +81,9 @@ function main() { # The script is parameterized by env-variable to fit to the distribution post_install + # Free LUKS volume as swap volume. + swapoff -a + # Normal end return 0 From 91cc1c3857c81628b02e05196b44b85a8ee88436 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:39:41 +0900 Subject: [PATCH 76/97] Add swap off to the script. At the end of the main() function of the scripts, added swapoff -a. Issue 32 : Ubuntu 22.04 fails to deactivate the swap https://github.com/suikan4github/kaiten-yaki/issues/32 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a783c3d..734ce7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ Record of the modification in project development. ### Deprecated ### Removed ### Fixed +- [Issue 32 : Ubuntu 22.04 fails to deactivate the swap](https://github.com/suikan4github/kaiten-yaki/issues/32) + ### Known Issue ## [1.2.0] - 2021-10-16 From 64e2edd173004ff1415512df0fe6fec6528eb143 Mon Sep 17 00:00:00 2001 
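Review bot: `swapoff -a` switches off every active swap area on the live system — including any swap or zram the installer environment itself is using — rather than only the LVM swap volume this project created, and its exit status is ignored. Because the volume is named by the configuration, `swapoff /dev/mapper/"${VGNAME}"-"${LVSWAPNAME}" || echo "...swapoff failed; the volume group may not deactivate."` is the targeted form, assuming that is the device the installer activated (this hunk does not show it). The comment `# Free LUKS volume as swap volume.` is also hard to parse; `# Release the swap LV so the volume group can be deactivated and the LUKS volume closed.` states why the step exists. main() starts before this hunk.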
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:44:45 +0900 Subject: [PATCH 77/97] Removed XTERMFONTSIZE variable. This variable is not used anymore. --- INSTALL.md | 3 --- script/config.sh | 3 --- 2 files changed, 6 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index a4ef2d6..9e3fdcb 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -92,9 +92,6 @@ export OVERWRITEINSTALL=0 # If you specify 1000, that means 1000mSec. 0 means compile default. export ITERTIME=0 -# Void Linux only. Ignored in Ubuntu. -# The font size of the void-installer -export XTERMFONTSIZE=11 ``` There are several restrictions : diff --git a/script/config.sh b/script/config.sh index 22f448f..c3203cd 100644 --- a/script/config.sh +++ b/script/config.sh @@ -69,9 +69,6 @@ export OVERWRITEINSTALL=0 # If you specify 1000, that means 1000mSec. 0 means compile default. export ITERTIME=0 -# Void Linux only. Ignored in Ubuntu. -# The font size of the void-installer -export XTERMFONTSIZE=11 # !!!!!!!!!!!!!! DO NOT EDIT FOLLOWING LINES. !!!!!!!!!!!!!! From ac709e15130fef8d471da0be04693345abec459d Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:48:01 +0900 Subject: [PATCH 78/97] Removed GUIENV variable. It is not used anymore. --- script/config.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/script/config.sh b/script/config.sh index c3203cd..096c64b 100644 --- a/script/config.sh +++ b/script/config.sh @@ -88,11 +88,3 @@ else # BIOS firmware export CRYPTPARTITION=1 fi # EFI firmware - -# Detect the GUI environment -# This code is not efered. Just left because it is interestintg code. -if env | grep -w -e XDG_SESSION_TYPE -e DISPLAY -e WAYLAND_DISPLAY > /dev/null ; then - export GUIENV=1 # set 1 if GUI env. -else - export GUIENV=0 # set 0 if not GUI env. -fi \ No newline at end of file From 03a294b407640d362caf6d773b3100dbc9ddac05 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 14:53:31 +0900 Subject: [PATCH 79/97] Unsed variables are removed Issue #35 Remove XTERMFONTSIZE variable. https://github.com/suikan4github/kaiten-yaki/issues/35 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 734ce7e..9e9dd79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ Record of the modification in project development. ### Changed ### Deprecated ### Removed +- [Issue 35 : Remove XTERMFONTSIZE variable.](https://github.com/suikan4github/kaiten-yaki/issues/35) + ### Fixed - [Issue 32 : Ubuntu 22.04 fails to deactivate the swap](https://github.com/suikan4github/kaiten-yaki/issues/32) From f0f081ad34eef12edfa858bc1042d4bf3cad4f19 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 21:05:47 +0900 Subject: [PATCH 80/97] Modify to accespt the absolute volume size. --- script/config.sh | 26 +++++++++++++++++--------- script/lib/common.sh | 26 ++++++++++++++++++++++---- 2 files changed, 39 insertions(+), 13 deletions(-) diff --git a/script/config.sh b/script/config.sh index 096c64b..a4b0e8e 100644 --- a/script/config.sh +++ b/script/config.sh 
@@ -32,27 +32,35 @@ export LVEXT1SUFFIX="_home" export USELVEXT2=0 export LVEXT2SUFFIX="_var" -# Logical volume size of the Linux installation. -# 30% mean, new logical volume will use 30% of the free space -# in the LVM volume group. For example, assume the free space is 100GB, -# and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. + +# Volume size parameters. # Note that the order of the volume creation is : # 1. EFI if needed # 2. SWAP # 3. LVROOT # 4. LVEXT1 if needed # 5. LVEXT2 if needed -export LVROOTSIZE="10%FREE" - -# Logical volume size of the optional volumes. -export LVEXT1SIZE="90%FREE" -export LVEXT2SIZE="100%FREE" # Set the size of EFI partition and swap partition. # The unit is Byte. You can use M,G... notation. +# You CANNOT use the % notation. export EFISIZE="200M" + +# Logical volume size of the swap volumes. export LVSWAPSIZE="8G" +# Logical volume size of the Linux installation. +# There are four posibble way to specify the volume. +# nnnM, nnnG, nnnT : Absolute size speicification. nnnMbyte, nnnGByte, nnnT byte. +# mm%VG : Use mm% of the entire volume group. +# mm%FREE : Use mm% of the avairable storage are in the volume group. +export LVROOTSIZE="10G" + +# Logical volume size of the optional volumes. +export LVEXT1SIZE="30G" +export LVEXT2SIZE="10G" + + # Usually, these names can be left untouched. # If you change, keep them consistent through all installation in your system. export CRYPTPARTNAME="luks_volume" diff --git a/script/lib/common.sh b/script/lib/common.sh index c2a26e0..91a8d3f 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
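Review bot: The new LVROOTSIZE comment announces "four posibble way" but lists three forms, and the surrounding lines carry typos (speicification, avairable, "storage are"); I would open with `# There are three ways to specify the volume size:` and describe the forms as absolute size in M/G/T, percentage of the whole volume group, and percentage of the free space in the volume group. The LVSWAPSIZE block also sits under `# You CANNOT use the % notation.`, which was written for EFISIZE, yet the common.sh part of this same patch feeds LVSWAPSIZE through the same `-l`/`-L` rewrite as the root size, so either the comment or the code is stating the wrong contract and the two should be aligned. The configuration block continues outside the hunk.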
@@ -141,6 +141,24 @@ function confirmation(){ return 1 # with error status fi # passphrase validation + + # Add -l or -L parameter to the size. The lvcreate command have two size parameter. + # -L ###[M|G|T|m|g|t] : Size by absolute value. + # -l ###%[FREE|VG|PVS|ORIGIN] : Size by relative value. + # If Unit is not specified, installation will fail. + + LVSWAPSIZE=$(echo "${LVSWAPSIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + export LVSWAPSIZE + + LVROOTSIZE=$(echo "${LVROOTSIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + export LVROOTSIZE + + LVEXT1SIZE=$(echo "${LVEXT1SIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + export LVEXT1SIZE + + LVEXT2SIZE=$(echo "${LVEXT2SIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + export LVEXT2SIZE + # succesfull return return 0 } @@ -239,7 +257,7 @@ function pre_install() { echo "...Swap volume already exist. Skipped to create. No problem." else echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." - lvcreate -L "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" + lvcreate "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi # if /dev/mapper/swap volume already exit. @@ -272,7 +290,7 @@ function pre_install() { return 1 # with error status else # not exist and not overwrite install echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." - lvcreate -l "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" + lvcreate "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; IS_ROOT_CREATED=1 
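Review bot: The awk rewrite turns any value it does not recognise (a bare `8`, for instance) into an empty string instead of rejecting it, and the mistake only surfaces when lvcreate runs in pre_install — after the ERASEALL branch at the top of pre_install has already wiped the disk. Since this code sits in confirmation(), it is the right place to validate all four sizes and refuse to continue; the test should also be anchored, because `/M|G|T|m|g|t/` is a substring match. A helper like the one below, used as `LVSWAPSIZE=$(size_to_lvcreate_arg "${LVSWAPSIZE}") || return 1` for each variable, reports a clear error before anything destructive happens. confirmation() starts before this hunk.
```shell
# Validate one size value and prefix it with the matching lvcreate option.
# Prints "-l <size>" for a percentage form, "-L <size>" for an absolute
# M/G/T form, and returns 1 (with a message on stderr) for anything else.
size_to_lvcreate_arg() {
  if [[ "$1" =~ ^[0-9]+%(FREE|VG|PVS|ORIGIN)$ ]] ; then
    echo "-l $1"
  elif [[ "$1" =~ ^[0-9]+(\.[0-9]+)?[MGTmgt]$ ]] ; then
    echo "-L $1"
  else
    echo "***** ERROR : Invalid size \"$1\". Use nnn[M|G|T] or nn%[FREE|VG]. *****" >&2
    return 1
  fi
}
```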
@@ -474,7 +492,7 @@ function create_ext_lv() { echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK." else echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." - lvcreate -l "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" + lvcreate "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" return 1 ; @@ -489,7 +507,7 @@ function create_ext_lv() { echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\" already exists. OK." else echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." - lvcreate -l "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" + lvcreate "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" return 1 ; From d322e8d5c54e09d2c3a498f01171e2a1fde8f145 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 21:35:29 +0900 Subject: [PATCH 81/97] Unquoted first parameter of lvcreate. This is to use the IFS ( Internal Field Separator ). Without IFS the string "-L 8G" will be wrapped by single quote like '-L 8G', while we need -L 8G. --- script/lib/common.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 91a8d3f..a1bd2f5 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -257,7 +257,8 @@ function pre_install() { echo "...Swap volume already exist. Skipped to create. No problem." else echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." - lvcreate "${LVSWAPSIZE}" -n "${LVSWAPNAME}" "${VGNAME}" + # Too use the bash IFS, first parameter is not quoted. + lvcreate ${LVSWAPSIZE} -n "${LVSWAPNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi # if /dev/mapper/swap volume already exit. @@ -290,7 +291,8 @@ function pre_install() { return 1 # with error status else # not exist and not overwrite install echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." - lvcreate "${LVROOTSIZE}" -n "${LVROOTNAME}" "${VGNAME}" + # Too use the bash IFS, first parameter is not quoted. + lvcreate ${LVROOTSIZE} -n "${LVROOTNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; IS_ROOT_CREATED=1 @@ -492,7 +494,8 @@ function create_ext_lv() { echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK." else echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." - lvcreate "${LVEXT1SIZE}" -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" + # Too use the bash IFS, first parameter is not quoted. + lvcreate ${LVEXT1SIZE} -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" return 1 ; 
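Review bot: Leaving `${LVSWAPSIZE}` unquoted relies on word splitting but also enables pathname expansion and trips ShellCheck SC2086 on all four lvcreate calls, and the comment `# Too use the bash IFS` is a typo. Since the option and the size are assembled in this file's own confirmation(), the idiomatic form is an array — `LVSWAPSIZE_ARGS=(-L "${LVSWAPSIZE}")` there and `lvcreate "${LVSWAPSIZE_ARGS[@]}" -n "${LVSWAPNAME}" "${VGNAME}"` here — which cannot be split or glob-expanded further (arrays cannot be exported, so keep a string if a child process reads these variables, which this hunk does not show). If the unquoted form is kept, a `# shellcheck disable=SC2086 — intentional: "-L 8G" must become two arguments` line documents the intent. For the record, a quoted `"${LVSWAPSIZE}"` passes `-L 8G` as one argument without adding any quotes, contrary to the commit message; pre_install starts before this hunk.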
@@ -507,7 +510,8 @@ function create_ext_lv() { echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\" already exists. OK." else echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." - lvcreate "${LVEXT2SIZE}" -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" + # Too use the bash IFS, first parameter is not quoted. + lvcreate ${LVEXT2SIZE} -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail echo "***** ERROR : failed to create "${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" . *****" return 1 ; From 425181aff1f0139bc23609aece48280c38b07542 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 7 May 2022 22:02:42 +0900 Subject: [PATCH 82/97] Fix the duplicate awk match. Now, it exits the process when the first pattern is procesed. --- script/lib/common.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index a1bd2f5..c37b0f9 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -143,20 +143,21 @@ function confirmation(){ # Add -l or -L parameter to the size. The lvcreate command have two size parameter. - # -L ###[M|G|T|m|g|t] : Size by absolute value. # -l ###%[FREE|VG|PVS|ORIGIN] : Size by relative value. + # -L ###[M|G|T|m|g|t] : Size by absolute value. + # Too preven the duplicated match, awk exists the process after it match the /%/ pattern. # If Unit is not specified, installation will fail. - LVSWAPSIZE=$(echo "${LVSWAPSIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + LVSWAPSIZE=$(echo "${LVSWAPSIZE}" | awk '/%/{print "-l", $0; exit} /M|G|T|m|g|t/{print "-L", $0}') export LVSWAPSIZE - LVROOTSIZE=$(echo "${LVROOTSIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + LVROOTSIZE=$(echo "${LVROOTSIZE}" | awk '/%/{print "-l", $0; exit} /M|G|T|m|g|t/{print "-L", $0}') export LVROOTSIZE - LVEXT1SIZE=$(echo "${LVEXT1SIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + LVEXT1SIZE=$(echo "${LVEXT1SIZE}" | awk '/%/{print "-l", $0; exit} /M|G|T|m|g|t/{print "-L", $0}') export LVEXT1SIZE - LVEXT2SIZE=$(echo "${LVEXT2SIZE}" | awk '/M|G|T|m|g|t/{print "-L", $0} /%/ {print "-l", $0}') + LVEXT2SIZE=$(echo "${LVEXT2SIZE}" | awk '/%/{print "-l", $0; exit} /M|G|T|m|g|t/{print "-L", $0}') export LVEXT2SIZE # succesfull return From d7b319a89f89b47ba848d1ee8d4777bd693128b7 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 8 May 2022 05:53:44 +0900 Subject: [PATCH 83/97] Update CHANGELOG for feature/33 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e9dd79..c5a4e66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
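Review bot: The new comment `# Too preven the duplicated match, awk exists the process after it match the /%/ pattern.` has several typos and does not say which inputs were affected; I would write `# Match the relative (%) form first and exit, otherwise a value such as "50%VG" or "50%ORIGIN" also matches the M/G/T rule and produces two lines.` The second rule `/M|G|T|m|g|t/` is still an unanchored substring test, so that caveat belongs next to the `# If Unit is not specified, installation will fail.` line. confirmation() starts before this hunk.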
@@ -4,6 +4,7 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added - [Issue 31 : Add extra partition functionality.](https://github.com/suikan4github/kaiten-yaki/issues/31) +- [Issue 35 : Support "M/G/T" as size prefix.](https://github.com/suikan4github/kaiten-yaki/issues/35) ### Changed ### Deprecated From d45481b194d01d5a7fef89b7612031bc1de32609 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 8 May 2022 07:44:13 +0900 Subject: [PATCH 84/97] Update installatin and readme. --- INSTALL.md | 86 +++++++++++++++++++++++++++++++++++++++++++++++------- README.md | 4 +-- 2 files changed, 78 insertions(+), 12 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 9e3fdcb..8fe6591 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -48,7 +48,8 @@ Followings are the set of the default settings of the parameters : - In the case of EFI firmware, 200MB is allocated to the EFI partition (EFISIZE). - Create a logical volume group named "vg1" in the encrypted volume (VGNAME) - Create a swap logical volume named "swap" in the "vg1". The size is 8GB (LVSWAPNAME,LVSWAPSIZE) -- Create a logical volume named **"anko"** as root volume, in the "vg1". The size of the new volume is the **50%** of the free space (LVROOTNAME, LVROOTSIZE). +- Create a logical volume named **"anko"** as root volume, in the "vg1". The size of the new volume is the **10GB** (LVROOTNAME, LVROOTSIZE). +- No Extra volumes will be created (USELVEXT1, LVEXT1SUFFIX, LVEXT1SIZE, USELVEXT2, LVEXT2SUFFIX, LVEXT2SIZE). ```sh # Configuration parameters for Kaiten-Yaki 
@@ -65,17 +66,53 @@ export ERASEALL=0 # Keep it unique from other distribution. export LVROOTNAME="anko" -# Logical volume size of the Linux installation. -# 30% mean, new logical volume will use 30% of the free space -# in the LVM volume group. For example, assume the free space is 100GB, -# and LVROOTSIZE is 30%FREE. Script will create 30GB logical volume. -export LVROOTSIZE="50%FREE" +# Suffix of the optional logical volumes. +# If you want to have optional OVs, set USELVEXT# to 1. +# Then, the suffix will be added to the LVROOTNAME. +# For example, Assume you have setting below : +# LVROOTNAME="anko" +# USELVEXT1=1 +# LVEXT1SUFFIX="_home" +# USELVEXT2=0 +# LVEXT2SUFFIX="_var" +# You will have +# anko +# anko_home +# You will not have anko_var because the USELVEXT2=0. +export USELVEXT1=0 +export LVEXT1SUFFIX="_home" +export USELVEXT2=0 +export LVEXT2SUFFIX="_var" + + +# Volume size parameters. +# Note that the order of the volume creation is : +# 1. EFI if needed +# 2. SWAP +# 3. LVROOT +# 4. LVEXT1 if needed +# 5. LVEXT2 if needed # Set the size of EFI partition and swap partition. # The unit is Byte. You can use M,G... notation. +# You CANNOT use the % notation. export EFISIZE="200M" + +# Logical volume size of the swap volumes. export LVSWAPSIZE="8G" +# Logical volume size of the Linux installation. +# There are four posibble way to specify the volume. +# nnnM, nnnG, nnnT : Absolute size speicification. nnnMbyte, nnnGByte, nnnT byte. +# mm%VG : Use mm% of the entire volume group. +# mm%FREE : Use mm% of the avairable storage are in the volume group. +export LVROOTSIZE="10G" + +# Logical volume size of the optional volumes. +export LVEXT1SIZE="30G" +export LVEXT2SIZE="10G" + + # Usually, these names can be left untouched. # If you change, keep them consistent through all installation in your system. export CRYPTPARTNAME="luks_volume" 
@@ -92,15 +129,22 @@ export OVERWRITEINSTALL=0 # If you specify 1000, that means 1000mSec. 0 means compile default. export ITERTIME=0 + ``` There are several restrictions : - For the first distribution installation, you must set ERASEALL to 1, to erase the entire storage device and create a LUKS partition. Kaiten-yaki script creates a maximum LUKS partition as possible. -- The LVROOTNAME must be unique among all installations in a computer. Otherwise, Kaiten-yaki terminates in a middle. -- The LVSWAPNAME must be identical among all installations in a computer. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is a waste of storage resources. +- The CRYPTPARTNAME and VGNAME must be unique among all installations in a physical disk. Otherwise, Kaiten-yaki terminates in a middle. +- The LVSWAPNAME must be identical among all installations in a physical disk. Otherwise, Kaiten-yaki creates an unnecessary logical volume. This is a waste of storage resources. - The EFISIZE and the LVSWAPSIZE are refereed during the first distribution installation only. -- The LVROOTSIZE is the size of a logical volume to create. This is a relative value to the existing free space in the volume group. If you want to install 3 distributions in a computer, you may want to set 33%FREE, 50%FREE, and 100%FREE for the first, second, and third distribution installation, respectively. -- The name with "-" is not allowed for the VGNAME, LVROOTNAME, and LVSWAPNAME. I saw some installer doesn't work if "-" in in the name. +- The LVROOTSIZE, LVEXT1SIZE, LVEXT2SIZE are the size of a logical volumes to create. There are several way to specify the size ( where n is number) : + - nnnM : New logical volume size is nnn**MByte**. + - nnnG : New logical volume size is nnn**GByte**. + - nnnT : New logical volume size is nnn**TByte**. + - nn%VG : New logical volume size is nn% of the **entire volume group**. 
+ - nn%FREE : New logical volume size is nn% of the **free space** in the volume group. +- The name with "-" is not allowed for the VGNAME, LVROOTNAME, and LVSWAPNAME. I saw some distribution installer doesn't work if "-" in in the name. + ### About the overwrite-install The OVERWRITEINSTALL parameter allows you to use an existing logical volume as the root volume of the new installation. This is very dangerous because of several aspects like destroying the wrong volume and the risk of security. But sometimes it is @@ -128,6 +172,28 @@ The unit of value is milliseconds. The target linux kernel may take this duratio The smaller value gives the weaker security. +### About the extra logical volume +From ver 1.3.0, Kaiten-yaki support two extra volume in addition to LVROOT and LVSWAP. +- LVEXT1 +- LVEXT2 + +The usage of the extra logical volume is up to the user. Typically, user may want to use it for example separated /home partition. + +The name of the extra volume is the concatenation of the LVROOTNAME and LVEXTnSUFFIX ( where n is 1 or 2 ). For example, let's assume following configuration : +- LVROOTNAME="FOO" +- LVEXT1SUFFIX="_BAR" + +Thus, the name of the LVEXT1 is "FOO_BAR". + +### Partition and logical volume creation order. +Kaiten-yaki creates the partition/volume in the following order : +1. EFI partition +1. LUKS partition +1. LVSWAP +1. LVROOT +1. LVEXT1 +1. LVEXT2 + ## First stage: Setting up the volumes After you set the configuration parameters correctly, execute the following command from the shell. Again, you have to be promoted as the root user, and you have to use Bash. diff --git a/README.md b/README.md index aff6af9..2376bfb 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,11 @@ # Kaiten-yaki: Full disk encryption install script for Linux -Kaiten-yaki is a script set to install Linux to your AMD64 desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. +Kaiten-yaki v1.3.0 is a script set to install Linux to your AMD64 desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. The followings are the list of functionalities: - Ubuntu and Void Linux. - Help to install from LiveCD/USB. - Invoke GUI/TUI installer automatically at the middle of script execution, for the ease of installation. -- Automatic detection of BIOS/EFI firmware and create MBR/GPT, respectively. +- Automatic detection of EFI firmware and create GPT( The BIOS detection and MBR creation function exist. But it is not maintained from v1.3.0 ). - Create an EFI partition, if needed. - Support multiple boot in a LUKS partition. - Support btrfs in addition to the major file systems. From 27a64ba0668278fdde34fe20c14d005b64738b1f Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 8 May 2022 08:51:20 +0900 Subject: [PATCH 85/97] Issue 34 : BIOS support should be obsoleted This is still documented only. Functionality exists. Just not tested anymore. https://github.com/suikan4github/kaiten-yaki/issues/34 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c5a4e66..554e54f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ Record of the modification in project development. ### Changed ### Deprecated +- [Issue 34 : BIOS support should be obsoleted ](https://github.com/suikan4github/kaiten-yaki/issues/34) + ### Removed - [Issue 35 : Remove XTERMFONTSIZE variable.](https://github.com/suikan4github/kaiten-yaki/issues/35) From 6722b160cb8ea3d0591adb15fa3795ae7c9bbed7 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 8 May 2022 12:25:24 +0900 Subject: [PATCH 86/97] Clear passphrase information before exit. --- script/lib/common.sh | 3 +++ script/ubuntu-kaiten-yaki.sh | 6 ++++++ script/void-kaiten-yaki.sh | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/script/lib/common.sh b/script/lib/common.sh index c37b0f9..2a34de0 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -139,6 +139,9 @@ function confirmation(){ ...Installation process terminated.. HEREDOC return 1 # with error status + else + # Clear the PASSPHRASE for checking because we don't use it anymore. + PASSPHRASE_C="" fi # passphrase validation diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index 7b932e3..e3b4b5d 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh @@ -67,8 +67,14 @@ function main() { post_install # Free LUKS volume as swap volume. + echo "...Disabling swap to release the LUKS volume." swapoff -a + # Deleting the passphrase information. + echo "...Deleting passphrase information." + PASSPHRASE="" + export PASSPHRASE + # Normal end return 0 diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index d31adcc..a49a378 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -82,8 +82,14 @@ function main() { post_install # Free LUKS volume as swap volume. + echo "...Disabling swap to release the LUKS volume." swapoff -a + # Deleting the passphrase information. + echo "...Deleting passphrase information." + PASSPHRASE="" + export PASSPHRASE + # Normal end return 0 From b81ec5667ca52f52bc0b0932a8afe3a182086685 Mon Sep 17 00:00:00 2001 
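Review bot: The clearing of `PASSPHRASE` in main() of ubuntu-kaiten-yaki.sh runs only on the normal-end path; every `return 1` taken inside confirmation() or pre_install() leaves the exported value in the environment of the still-running shell and of any command it starts afterwards. A `trap 'unset PASSPHRASE PASSPHRASE_C' EXIT` near the top of main() covers both outcomes, and `unset PASSPHRASE` is preferable to `PASSPHRASE=""` followed by `export PASSPHRASE`, which keeps an empty variable exported. The void-kaiten-yaki.sh hunk of this commit has the same shape. main() begins outside the hunk.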
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 8 May 2022 12:26:57 +0900 Subject: [PATCH 87/97] Record #36 to CHANGELOG. Issue 36 : Clear the PASSPHRASE variable at the end of installation https://github.com/suikan4github/kaiten-yaki/issues/36 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 554e54f..011e46a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ Record of the modification in project development. ### Fixed - [Issue 32 : Ubuntu 22.04 fails to deactivate the swap](https://github.com/suikan4github/kaiten-yaki/issues/32) +- [Issue 36 : Clear the PASSPHRASE variable at the end of installation](https://github.com/suikan4github/kaiten-yaki/issues/36) ### Known Issue From 4a69ef1db6b80121501e1e7d62dcd315a3c31fd4 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 8 May 2022 12:28:41 +0900 Subject: [PATCH 88/97] Correct the informaiton in CHANGELOG. Issue 33 was written as 35. It was mistake. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 011e46a..0337c3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added - [Issue 31 : Add extra partition functionality.](https://github.com/suikan4github/kaiten-yaki/issues/31) -- [Issue 35 : Support "M/G/T" as size prefix.](https://github.com/suikan4github/kaiten-yaki/issues/35) +- [Issue 33 : Support "M/G/T" as size prefix.](https://github.com/suikan4github/kaiten-yaki/issues/33) ### Changed ### Deprecated From f725af8f443bb9d9162fdc4e53e18f1b7bf7cb27 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 10 May 2022 21:25:51 +0900 Subject: [PATCH 89/97] Issue 38 : "Ready to reboot" message should be changed https://github.com/suikan4github/kaiten-yaki/issues/38 --- CHANGELOG.md | 1 + script/lib/common.sh | 10 +++++----- script/ubuntu-kaiten-yaki.sh | 7 +++++++ script/void-kaiten-yaki.sh | 7 +++++++ 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0337c3e..a40efae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ Record of the modification in project development. ### Fixed - [Issue 32 : Ubuntu 22.04 fails to deactivate the swap](https://github.com/suikan4github/kaiten-yaki/issues/32) - [Issue 36 : Clear the PASSPHRASE variable at the end of installation](https://github.com/suikan4github/kaiten-yaki/issues/36) +- [Issue 38 : "Ready to reboot" message should be changed](https://github.com/suikan4github/kaiten-yaki/issues/38) ### Known Issue diff --git a/script/lib/common.sh b/script/lib/common.sh index 2a34de0..829cbb4 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh @@ -395,12 +395,12 @@ function post_install() { echo "...Unmounting all." umount -R -l "${TARGETMOUNTPOINT}" - # Finishing message - cat <<- HEREDOC - ****************** Post-install process finished ****************** + echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." + vgchange -a n "${VGNAME}" + echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." + cryptsetup close "${CRYPTPARTNAME}" - ...Ready to reboot. - HEREDOC + echo "...Post install process finished." return 0 diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index e3b4b5d..93952a6 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh 
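Review bot: The exit status of `vgchange -a n` and `cryptsetup close` in the common.sh hunk is not checked, so post_install() reports success even when the volume group or the LUKS device is still busy. At this commit that seems likely, because main() in the ubuntu/void scripts still runs `swapoff -a` only after post_install() returns, so the swap LV in `${VGNAME}` is presumably still active when `vgchange -a n` runs. Suggest the file's existing idiom after each call: `if is_error ; then return 1 ; fi;`. post_install() begins outside the hunk.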
@@ -75,6 +75,13 @@ function main() { PASSPHRASE="" export PASSPHRASE + # Finishing message + cat <<- HEREDOC + ****************** Install process finished ****************** + + ...Ready to reboot. + HEREDOC + # Normal end return 0 diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index a49a378..4a9c899 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -90,6 +90,13 @@ function main() { PASSPHRASE="" export PASSPHRASE + # Finishing message + cat <<- HEREDOC + ****************** Install process finished ****************** + + ...Ready to reboot. + HEREDOC + # Normal end return 0 From 555bf5a38e064e66bef370ffd3012a7c4c2f80a2 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Tue, 10 May 2022 22:22:30 +0900 Subject: [PATCH 90/97] Refactor the closing sequence. All closing sequence is gathered to the post-install(). --- script/lib/common.sh | 19 ++++++++++++++++++- script/ubuntu-kaiten-yaki.sh | 16 ---------------- script/void-kaiten-yaki.sh | 16 ---------------- 3 files changed, 18 insertions(+), 33 deletions(-) diff --git a/script/lib/common.sh b/script/lib/common.sh index 829cbb4..e9d5ec9 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -395,12 +395,29 @@ function post_install() { echo "...Unmounting all." umount -R -l "${TARGETMOUNTPOINT}" + echo "...Post install process finished." + + # Free LUKS volume as swap volume. + echo "...Disabling swap to release the LUKS volume." + swapoff -a + + # Close LUKS echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." vgchange -a n "${VGNAME}" echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." cryptsetup close "${CRYPTPARTNAME}" - echo "...Post install process finished." + # Deleting the passphrase information. + echo "...Deleting passphrase information." + PASSPHRASE="" + export PASSPHRASE + + # Finishing message + cat <<- HEREDOC + ****************** Install process finished ****************** + + ...Ready to reboot. + HEREDOC return 0 diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index 93952a6..adfbbdd 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh @@ -66,22 +66,6 @@ function main() { # The script is parameterized by env-variable to fit to the distribution post_install - # Free LUKS volume as swap volume. - echo "...Disabling swap to release the LUKS volume." - swapoff -a - - # Deleting the passphrase information. - echo "...Deleting passphrase information." - PASSPHRASE="" - export PASSPHRASE - - # Finishing message - cat <<- HEREDOC - ****************** Install process finished ****************** - - ...Ready to reboot. - HEREDOC - # Normal end return 0 diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index 4a9c899..c63f906 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh 
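Review bot: `...Post install process finished.` is now printed before the swap is released, the volume group deactivated and the LUKS device closed, and none of `swapoff`, `vgchange -a n` or `cryptsetup close` has its exit status checked, so the `Ready to reboot` banner appears even when the LUKS volume is still open. Move the finished message after the close sequence and guard each step with the file's `is_error` idiom, as sketched below; `unset PASSPHRASE` is also preferable to assigning an empty exported string. post_install() begins outside the hunk.
```shell
  swapoff -a
  if is_error ; then return 1 ; fi;
  # … unchanged: deactivation message …
  vgchange -a n "${VGNAME}"
  if is_error ; then return 1 ; fi;
  # … unchanged: close message …
  cryptsetup close "${CRYPTPARTNAME}"
  if is_error ; then return 1 ; fi;
  # … unchanged: passphrase clearing …
  echo "...Post install process finished."
  # … unchanged: finishing banner …
```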
@@ -81,22 +81,6 @@ function main() { # The script is parameterized by env-variable to fit to the distribution post_install - # Free LUKS volume as swap volume. - echo "...Disabling swap to release the LUKS volume." - swapoff -a - - # Deleting the passphrase information. - echo "...Deleting passphrase information." - PASSPHRASE="" - export PASSPHRASE - - # Finishing message - cat <<- HEREDOC - ****************** Install process finished ****************** - - ...Ready to reboot. - HEREDOC - # Normal end return 0 From 73b3329cd79484090b071c27dfaff7ffba0ca75a Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 11 May 2022 07:16:08 +0900 Subject: [PATCH 91/97] Add "[Kaiten-Yaki]" to the message header --- script/config.sh | 2 +- script/lib/chrooted_job_ubuntu.sh | 12 +-- script/lib/chrooted_job_void.sh | 14 +-- script/lib/common.sh | 140 +++++++++++++++--------------- script/ubuntu-kaiten-yaki.sh | 20 ++--- script/void-kaiten-yaki.sh | 24 ++--- 6 files changed, 106 insertions(+), 106 deletions(-) diff --git a/script/config.sh b/script/config.sh index a4b0e8e..4ed7602 100644 --- a/script/config.sh +++ b/script/config.sh @@ -42,7 +42,7 @@ export LVEXT2SUFFIX="_var" # 5. LVEXT2 if needed # Set the size of EFI partition and swap partition. -# The unit is Byte. You can use M,G... notation. +# The unit is Byte. You can use M,G[Kaiten-Yaki] notation. # You CANNOT use the % notation. export EFISIZE="200M" diff --git a/script/lib/chrooted_job_ubuntu.sh b/script/lib/chrooted_job_ubuntu.sh index 9fdc473..2470a61 100644 --- a/script/lib/chrooted_job_ubuntu.sh +++ b/script/lib/chrooted_job_ubuntu.sh @@ -6,7 +6,7 @@ function chrooted_job() { mount -a # Prepare the crypto tool in the install target - echo "...Installing cryptsetup-initramfs package." + echo "[Kaiten-Yaki] Installing cryptsetup-initramfs package." apt -qq install -y cryptsetup-initramfs # Prepare a new key file to embed in to the ramfs. 
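Review bot: The search-and-replace that adds the `[Kaiten-Yaki]` prefix also hit a comment in the config.sh hunk, turning `You can use M,G... notation.` into `You can use M,G[Kaiten-Yaki] notation.`; the original comment should be restored: `# The unit is Byte. You can use M,G... notation.`. Worth re-checking the other files in this commit for the same substitution landing outside an echo or heredoc message.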
@@ -14,28 +14,28 @@ function chrooted_job() { # The new key is 4096byte length binary value. # Because this key is sotred as "cleartext", in the target file sysmte, # only root is allowed to access this key file. - echo "...Prepairing key file." + echo "[Kaiten-Yaki] Prepairing key file." mkdir /etc/luks dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none chmod u=rx,go-rwx /etc/luks chmod u=r,go-rwx /etc/luks/boot_os.keyfile # Add the new key to the LUKS 2nd key slot. The passphrase is required to modify the LUKS keyslot. - echo "...Adding a key to the key file." + echo "[Kaiten-Yaki] Adding a key to the key file." printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile # Register the LUKS voluem to /etc/crypttab to tell "This volume is encrypted" - echo "...Adding LUKS volume info to /etc/crypttab." + echo "[Kaiten-Yaki] Adding LUKS volume info to /etc/crypttab." echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab # Add key file to the list of the intems in initramfs. # See https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html for detail - echo "...Directing to include keyfile into the initramfs" + echo "[Kaiten-Yaki] Directing to include keyfile into the initramfs" echo "KEYFILE_PATTERN=/etc/luks/*.keyfile" >> /etc/cryptsetup-initramfs/conf-hook echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." + echo "[Kaiten-Yaki] Upadting initramfs." update-initramfs -uk all # Leave chroot diff --git a/script/lib/chrooted_job_void.sh b/script/lib/chrooted_job_void.sh index 2bb8430..a908bbb 100644 --- a/script/lib/chrooted_job_void.sh +++ b/script/lib/chrooted_job_void.sh 
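Review bot: The key file is written by `dd` before `chmod u=r,go-rwx` is applied, so under a typical umask it exists world-readable for a moment, and `mkdir /etc/luks` likewise starts out at the umask default. Creating both with restrictive modes from the start removes the window: `mkdir -m 0700 /etc/luks` and `(umask 077 && dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none)`; the two chmod lines can stay as a belt-and-braces step. The `luksAddKey` exit status is also unchecked, so a failed key addition leaves the new install without a key in the slot and is only noticed at first boot. The same sequence appears in the chrooted_job_void.sh hunk of this commit. chrooted_job() begins and ends outside the hunk.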
@@ -6,7 +6,7 @@ function chrooted_job() { mount -a # Prepare the crypto tool in the install target - echo "...Installing cryptsetup-initramfs package." + echo "[Kaiten-Yaki] Installing cryptsetup-initramfs package." xbps-install -y lvm2 cryptsetup # Prepare a new key file to embed in to the ramfs. 
@@ -14,29 +14,29 @@ function chrooted_job() { # The new key is 4096byte length binary value. # Because this key is sotred as "cleartext", in the target file sysmte, # only root is allowed to access this key file. - echo "...Prepairing key file." + echo "[Kaiten-Yaki] Prepairing key file." mkdir /etc/luks dd if=/dev/urandom of=/etc/luks/boot_os.keyfile bs=4096 count=1 status=none chmod u=rx,go-rwx /etc/luks chmod u=r,go-rwx /etc/luks/boot_os.keyfile # Add the new key to the LUKS 2nd key slot. The passphrase is required to modify the LUKS keyslot. - echo "...Adding a key to the key file." + echo "[Kaiten-Yaki] Adding a key to the key file." printf %s "${PASSPHRASE}" | cryptsetup luksAddKey --iter-time "${ITERTIME}" -d - "${DEV}${CRYPTPARTITION}" /etc/luks/boot_os.keyfile # Register the LUKS voluem to /etc/crypttab to tell "This volume is encrypted" - echo "...Adding LUKS volume info to /etc/crypttab." + echo "[Kaiten-Yaki] Adding LUKS volume info to /etc/crypttab." echo "${CRYPTPARTNAME} UUID=$(blkid -s UUID -o value ${DEV}${CRYPTPARTITION}) /etc/luks/boot_os.keyfile luks,discard" >> /etc/crypttab # Add key file to the list of the intems in initramfs. # See https://man7.org/linux/man-pages/man5/dracut.conf.5.html for details. - echo "...Directing to include keyfile into the initramfs" + echo "[Kaiten-Yaki] Directing to include keyfile into the initramfs" echo 'install_items+=" /etc/luks/boot_os.keyfile /etc/crypttab " ' >> /etc/dracut.conf.d/10-crypt.conf # Finally, update the ramfs initial image with the key file. - echo "...Upadting initramfs." + echo "[Kaiten-Yaki] Upadting initramfs." xbps-reconfigure -fa - echo "...grub-mkconfig." + echo "[Kaiten-Yaki] grub-mkconfig." grub-mkconfig -o /boot/grub/grub.cfg # Leave chroot diff --git a/script/lib/common.sh b/script/lib/common.sh index e9d5ec9..ddd4fa0 100644 --- a/script/lib/common.sh +++ b/script/lib/common.sh 
@@ -9,11 +9,11 @@ function confirmation(){ if [ "${ERASEALL}" -ne 0 ] && [ "${OVERWRITEINSTALL}" -ne 0 ] ; then cat <<- HEREDOC ***** ERROR : Confliction between ERASEALL and OVERWRITEINSTALL ***** - ...ERASEALL = ${ERASEALL} - ...OVERWRITEINSTALL = ${OVERWRITEINSTALL} - ...Check configuration in your config.sh + [Kaiten-Yaki] ERASEALL = ${ERASEALL} + [Kaiten-Yaki] OVERWRITEINSTALL = ${OVERWRITEINSTALL} + [Kaiten-Yaki] Check configuration in your config.sh - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi @@ -22,10 +22,10 @@ function confirmation(){ if echo "${VGNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume group name. cat <<- HEREDOC ***** ERROR : VGNAME is "${VGNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh + [Kaiten-Yaki] "-" is not allowed in the volume name. + [Kaiten-Yaki] Check configuration in your config.sh - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # "-" is found in the volume group name. @@ -34,10 +34,10 @@ function confirmation(){ if echo "${LVROOTNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. cat <<- HEREDOC ***** ERROR : LVROOTNAME is "${LVROOTNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh + [Kaiten-Yaki] "-" is not allowed in the volume name. + [Kaiten-Yaki] Check configuration in your config.sh - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # "-" is found in the volume name. 
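Review bot: Each hyphen check spawns `echo | grep "-" -i`, where `-i` is meaningless for a literal hyphen; the shell's own pattern match does the same without a fork: `if [[ "${VGNAME}" == *-* ]] ; then`. Since the five blocks (this hunk, @@ -22, @@ -34 and the @@ -47, @@ -61, @@ -74 hunks that follow) differ only in the variable name, a helper such as `check_no_hyphen VGNAME "${VGNAME}"` printing the heredoc once would keep the messages consistent. confirmation() begins outside the hunk.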
@@ -47,10 +47,10 @@ function confirmation(){ if echo "${LVEXT1SUFFIX}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. cat <<- HEREDOC ***** ERROR : LVEXT1SUFFIX is "${LVEXT1SUFFIX}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh + [Kaiten-Yaki] "-" is not allowed in the volume name. + [Kaiten-Yaki] Check configuration in your config.sh - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # "-" is found in the volume suffix. @@ -61,10 +61,10 @@ function confirmation(){ if echo "${LVEXT2SUFFIX}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. cat <<- HEREDOC ***** ERROR : LVEXT2SUFFIX is "${LVEXT2SUFFIX}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh + [Kaiten-Yaki] "-" is not allowed in the volume name. + [Kaiten-Yaki] Check configuration in your config.sh - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # "-" is found in the volume suffix. @@ -74,10 +74,10 @@ function confirmation(){ if echo "${LVSWAPNAME}" | grep "-" -i > /dev/null ; then # "-" is found in the volume name. cat <<- HEREDOC ***** ERROR : LVSWAPNAME is "${LVSWAPNAME}" ***** - ..."-" is not allowed in the volume name. - ...Check configuration in your config.sh + [Kaiten-Yaki] "-" is not allowed in the volume name. + [Kaiten-Yaki] Check configuration in your config.sh - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # "-" is found in the volume name. 
@@ -113,22 +113,22 @@ function confirmation(){ HEREDOC if [ "${ERASEALL}" -ne 0 ] ; then - echo "Going to erase entire disk ${DEV}." + echo "[Kaiten-Yaki] Going to erase entire disk ${DEV}." elif [ "${OVERWRITEINSTALL}" -ne 0 ] ; then - echo "Going to overwrite the logical volume \"${VGNAME}-${LVROOTNAME}\"." + echo "[Kaiten-Yaki] Going to overwrite the logical volume \"${VGNAME}-${LVROOTNAME}\"." else - echo "Going to create a new logical volume \"${VGNAME}-${LVROOTNAME}\"." + echo "[Kaiten-Yaki] Going to create a new logical volume \"${VGNAME}-${LVROOTNAME}\"." fi # ----- Set Passphrase ----- # Input passphrase echo "" - echo "Type passphrase for the disk encryption." + echo "[Kaiten-Yaki] Type passphrase for the disk encryption." read -sr PASSPHRASE export PASSPHRASE - echo "Type passphrase again, to confirm." + echo "[Kaiten-Yaki] Type passphrase again, to confirm." read -sr PASSPHRASE_C # Validate whether both are indentical or not @@ -136,7 +136,7 @@ function confirmation(){ cat <<-HEREDOC ***** ERROR : Passphrase doesn't match ***** - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status else 
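Review bot: An empty passphrase passes validation, because `read -sr PASSPHRASE` followed by an empty confirmation compares two empty strings and the LUKS volume would then be formatted with an empty key. Add a length check before the comparison: `if [ -z "${PASSPHRASE}" ] ; then echo "***** ERROR : Empty passphrase *****"; return 1; fi`. Exporting PASSPHRASE is needed for the chrooted job, but it is then present in the environment of every child process the installer starts, so keeping the export as late as possible would narrow that exposure. The comparison itself and the rest of confirmation() are outside these hunks.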
@@ -186,19 +186,19 @@ function pre_install() { # Assign specified space and rest of disk to the EFI and LUKS partition, respectively. if [ "${ISEFI}" -ne 0 ] ; then # EFI # Zap existing partition table and create new GPT - echo "...Initializing \"${DEV}\" with GPT." + echo "[Kaiten-Yaki] Initializing \"${DEV}\" with GPT." sgdisk --zap-all "${DEV}" if is_error ; then return 1 ; fi; # If error, terminate # Create EFI partition and format it - echo "...Creating an EFI partition on \"${DEV}\"." + echo "[Kaiten-Yaki] Creating an EFI partition on \"${DEV}\"." # shellcheck disable=SC2140 sgdisk --new="${EFIPARTITION}":0:+"${EFISIZE}" --change-name="${EFIPARTITION}":"EFI System" --typecode="${EFIPARTITION}":ef00 "${DEV}" if is_error ; then return 1 ; fi; # If error, terminate - echo "...Formatting the EFI parttion." + echo "[Kaiten-Yaki] Formatting the EFI parttion." mkfs.vfat -F 32 -n EFI-SP "${DEV}${EFIPARTITION}" if is_error ; then return 1 ; fi; # If error, terminate # Create Linux partition - echo "...Creating a Linux partition on ${DEV}." + echo "[Kaiten-Yaki] Creating a Linux partition on ${DEV}." # shellcheck disable=SC2140 sgdisk --new="${CRYPTPARTITION}":0:0 --change-name="${CRYPTPARTITION}":"Linux LUKS" --typecode="${CRYPTPARTITION}":8309 "${DEV}" if is_error ; then return 1 ; fi; # If error, terminate @@ -206,11 +206,11 @@ function pre_install() { sgdisk --print "${DEV}" else # BIOS # Zap existing partition table - echo "...Erasing partition table of \"${DEV}\"." + echo "[Kaiten-Yaki] Erasing partition table of \"${DEV}\"." dd if=/dev/zero of="${DEV}" bs=512 count=1 if is_error ; then return 1 ; fi; # If error, terminate # Create MBR and allocate max storage for Linux partition - echo "...Creating a Linux partition on ${DEV} with MBR." + echo "[Kaiten-Yaki] Creating a Linux partition on ${DEV} with MBR." sfdisk "${DEV}" <<- HEREDOC 2M,,L HEREDOC 
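Review bot: The partition device is built as `"${DEV}${EFIPARTITION}"` and `"${DEV}${CRYPTPARTITION}"`, which yields `/dev/sda1` but not `/dev/nvme0n1p1` or `/dev/mmcblk0p1`, where a `p` separator is needed; unless config.sh already accounts for this, `mkfs.vfat` would target a non-existent path, and `is_error` catches that only after the disk has been zapped. A comment stating the expected DEV naming at the top of the EFI branch, or deriving the partition path from `lsblk`, would make the assumption explicit. pre_install() continues outside the hunk.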
@@ -218,23 +218,23 @@ function pre_install() { fi # if EFI firmware # Encrypt the partition to install Linux - echo "...Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition" + echo "[Kaiten-Yaki] Initializing \"${DEV}${CRYPTPARTITION}\" as crypt partition" printf %s "${PASSPHRASE}" | cryptsetup luksFormat --iter-time "${ITERTIME}" --type=luks1 --key-file - --batch-mode "${DEV}${CRYPTPARTITION}" fi # if erase all # ----- Open the LUKS partition ----- # Open the crypt partition. - echo "...Opening a crypt partition \"${DEV}${CRYPTPARTITION}\" as \"${CRYPTPARTNAME}\"" + echo "[Kaiten-Yaki] Opening a crypt partition \"${DEV}${CRYPTPARTITION}\" as \"${CRYPTPARTNAME}\"" printf %s "${PASSPHRASE}" | cryptsetup open -d - "${DEV}${CRYPTPARTITION}" "${CRYPTPARTNAME}" # Check whether successful open. If mapped, it is successful. if [ ! -e /dev/mapper/"${CRYPTPARTNAME}" ] ; then cat <<- HEREDOC ***** ERROR : Cannot open LUKS volume "${CRYPTPARTNAME}" on "${DEV}${CRYPTPARTITION}". ***** - ...Check passphrase and your config.txt + [Kaiten-Yaki] Check passphrase and your config.txt - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # if crypt volume is unable to open 
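Review bot: The exit status of `cryptsetup luksFormat` is not checked, so a failed format (busy device, wrong DEV) is only noticed when the subsequent `cryptsetup open` fails, and the error text then tells the user to check the passphrase — the wrong hint. Add the file's idiom after the format: `if is_error ; then return 1 ; fi;`. The error message also refers to `config.txt` while confirmation() says `config.sh`. pre_install() continues outside the hunk.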
@@ -242,25 +242,25 @@ function pre_install() { # ----- Configure the LVM in LUKS volume ----- # Check volume group ${VGNAME} exist or not if vgdisplay -s "${VGNAME}" &> /dev/null ; then # if exist - echo "...Volume group \"${VGNAME}\" already exist. Skipped to create. No problem." - echo "...Activating all logical volumes in volume group \"${VGNAME}\"." + echo "[Kaiten-Yaki] Volume group \"${VGNAME}\" already exist. Skipped to create. No problem." + echo "[Kaiten-Yaki] Activating all logical volumes in volume group \"${VGNAME}\"." vgchange -ay - echo "...Scanning all logical volumes." + echo "[Kaiten-Yaki] Scanning all logical volumes." lvscan else - echo "...Initializing a physical volume on \"${CRYPTPARTNAME}\"" + echo "[Kaiten-Yaki] Initializing a physical volume on \"${CRYPTPARTNAME}\"" pvcreate /dev/mapper/"${CRYPTPARTNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; - echo "...And then creating Volume group \"${VGNAME}\"." + echo "[Kaiten-Yaki] And then creating Volume group \"${VGNAME}\"." vgcreate "${VGNAME}" /dev/mapper/"${CRYPTPARTNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; fi # if /dev/volume-groupt exist # Create a SWAP Logical Volume on VG, if it doesn't exist if [ -e /dev/mapper/"${VGNAME}"-"${LVSWAPNAME}" ] ; then - echo "...Swap volume already exist. Skipped to create. No problem." + echo "[Kaiten-Yaki] Swap volume already exist. Skipped to create. No problem." else - echo "...Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." + echo "[Kaiten-Yaki] Creating logical volume \"${LVSWAPNAME}\" on \"${VGNAME}\"." # Too use the bash IFS, first parameter is not quoted. lvcreate ${LVSWAPSIZE} -n "${LVSWAPNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; 
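Review bot: `vgchange -ay` activates every volume group visible on the machine, although the message announces activation of `${VGNAME}` only; passing the name keeps the action to the group the installer owns: `vgchange -ay "${VGNAME}"`. The `pvcreate`/`vgcreate` checks use `if [ $? -ne 0 ]` where the surrounding code uses `is_error`; `if ! pvcreate /dev/mapper/"${CRYPTPARTNAME}" ; then` reads cleaner than testing `$?` afterwards. pre_install() continues outside the hunk.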
@@ -269,7 +269,7 @@ function pre_install() { # Create a ROOT Logical Volume on VG. if [ -e /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" ] ; then # exist if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # exist and overwrite install - echo "...Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK." + echo "[Kaiten-Yaki] Logical volume \"${VGNAME}-${LVROOTNAME}\" already exists. OK." # Create extended volumes if needed create_ext_lv @@ -278,7 +278,7 @@ function pre_install() { else # exist and not overwriteinstall cat <<- HEREDOC ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" already exists. ***** - ...Check LVROOTNAME environment variable in your config.txt. + [Kaiten-Yaki] Check LVROOTNAME environment variable in your config.txt. HEREDOC # Deactivate all lg and close the LUKS volume deactivate_and_close @@ -288,13 +288,13 @@ function pre_install() { if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # not exist and overwrite install cat <<- HEREDOC ***** ERROR : Logical volume "${VGNAME}-${LVROOTNAME}" doesn't exist while overwrite install. ***** - ...Check consistency of your config.txt. + [Kaiten-Yaki] Check consistency of your config.txt. HEREDOC # Deactivate all lg and close the LUKS volume deactivate_and_close return 1 # with error status else # not exist and not overwrite install - echo "...Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." + echo "[Kaiten-Yaki] Creating logical volume \"${LVROOTNAME}\" on \"${VGNAME}\"." # Too use the bash IFS, first parameter is not quoted. lvcreate ${LVROOTSIZE} -n "${LVROOTNAME}" "${VGNAME}" if [ $? -ne 0 ] ; then deactivate_and_close; return 1 ; fi; 
@@ -367,15 +367,15 @@ function post_install() { # ${BTRFSOPTION} is defined by the caller of this function for BTRFS formated volume. # ${BTRFSOPTION} have to be NOT quoted. Otherwise, mount will receive an empty # string as first option, when the veraible is empty. - echo "...Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." + echo "[Kaiten-Yaki] Mounting /dev/mapper/${VGNAME}-${LVROOTNAME} on ${TARGETMOUNTPOINT}." mount ${BTRFSOPTION} /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" "${TARGETMOUNTPOINT}" # And mount other directories - echo "...Mounting all other dirs." + echo "[Kaiten-Yaki] Mounting all other dirs." for n in proc sys dev tmp etc/resolv.conf; do mount --rbind "/$n" "${TARGETMOUNTPOINT}/$n"; done # Copy all scripts to the target /tmp for using in chroot session. - echo "...Copying files in current dir to ${TARGETMOUNTPOINT}/tmp." + echo "[Kaiten-Yaki] Copying files in current dir to ${TARGETMOUNTPOINT}/tmp." mkdir "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" cp -r ./* -t "${TARGETMOUNTPOINT}/tmp/kaiten-yaki" @@ -383,7 +383,7 @@ function post_install() { # The here-document is script executed under chroot. At here we call # the distribution dependent script "lib/chrooted_job_${DISTRIBUTIONSIGNATURE}.sh", # which was copied to /temp at previous code. - echo "...Chroot to ${TARGETMOUNTPOINT}. and execute chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" + echo "[Kaiten-Yaki] Chroot to ${TARGETMOUNTPOINT}. and execute chrooted_job_${DISTRIBUTIONSIGNATURE}.sh" # shellcheck disable=SC2086 cat <<- HEREDOC | chroot "${TARGETMOUNTPOINT}" /bin/bash cd /tmp/kaiten-yaki 
@@ -392,23 +392,23 @@ function post_install() { HEREDOC # Unmount all. -l ( lazy ) option is added to supress the busy error. - echo "...Unmounting all." + echo "[Kaiten-Yaki] Unmounting all." umount -R -l "${TARGETMOUNTPOINT}" - echo "...Post install process finished." + echo "[Kaiten-Yaki] Post install process finished." # Free LUKS volume as swap volume. - echo "...Disabling swap to release the LUKS volume." + echo "[Kaiten-Yaki] Disabling swap to release the LUKS volume." swapoff -a # Close LUKS - echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." + echo "[Kaiten-Yaki] Deactivating all logical volumes in volume group \"${VGNAME}\"." vgchange -a n "${VGNAME}" - echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." + echo "[Kaiten-Yaki] Closing LUKS volume \"${CRYPTPARTNAME}\"." cryptsetup close "${CRYPTPARTNAME}" # Deleting the passphrase information. - echo "...Deleting passphrase information." + echo "[Kaiten-Yaki] Deleting passphrase information." PASSPHRASE="" export PASSPHRASE @@ -416,7 +416,7 @@ function post_install() { cat <<- HEREDOC ****************** Install process finished ****************** - ...Ready to reboot. + [Kaiten-Yaki] Ready to reboot. HEREDOC return 0 
@@ -433,32 +433,32 @@ function deactivate_and_close(){ if [ "${IS_ROOT_CREATED}" -ne 0 ] ; then # if extra volume 1 created # Remove newly created root volume - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." + echo "[Kaiten-Yaki] Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}\"." lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}" fi if [ "${IS_LVEXT1_CREATED}" -ne 0 ] ; then # if extra volume 1 created # Remove newly created extra volume 1 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." + echo "[Kaiten-Yaki] Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\"." lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT1SUFFIX}" fi if [ "${IS_LVEXT2_CREATED}" -ne 0 ] ; then # if extra volume 2 created # Remove newly created extra volume 2 - echo "...Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." + echo "[Kaiten-Yaki] Deleting the new logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\"." lvremove -f /dev/mapper/"${VGNAME}"-"${LVROOTNAME}${LVEXT2SUFFIX}" fi - echo "...Deactivating all logical volumes in volume group \"${VGNAME}\"." + echo "[Kaiten-Yaki] Deactivating all logical volumes in volume group \"${VGNAME}\"." vgchange -a n "${VGNAME}" - echo "...Closing LUKS volume \"${CRYPTPARTNAME}\"." + echo "[Kaiten-Yaki] Closing LUKS volume \"${CRYPTPARTNAME}\"." cryptsetup close "${CRYPTPARTNAME}" cat <<- HEREDOC - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC } 
@@ -469,11 +469,11 @@ function deactivate_and_close(){ function on_unexpected_installer_quit(){ echo "***** ERROR : The GUI/TUI installer terminated unexpectedly. *****" if [ "${OVERWRITEINSTALL}" -ne 0 ] ; then # If overwrite install, keep the volume - echo "...Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." + echo "[Kaiten-Yaki] Keep logical volume \"${VGNAME}-${LVROOTNAME}\" untouched." fi # Deactivate all lg and close the LUKS volume deactivate_and_close - echo "...You can retry Kaiten-yaki again." + echo "[Kaiten-Yaki] You can retry Kaiten-yaki again." } @@ -493,7 +493,7 @@ function distribution_check(){ if [ "${YESNO}" != "Y" ] && [ "${YESNO}" != "y" ] ; then cat <<- HEREDOC - ...Installation process terminated.. + [Kaiten-Yaki] Installation process terminated.. HEREDOC return 1 # with error status fi # if YES @@ -512,9 +512,9 @@ function distribution_check(){ function create_ext_lv() { if [ "${USELVEXT1}" -ne 0 ] ; then # if using extra volume 1 if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}" ] ; then # if extra volume 1 exist - echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK." + echo "[Kaiten-Yaki] Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT1SUFFIX}\" already exists. OK." else - echo "...Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." + echo "[Kaiten-Yaki] Creating logical volume \"${LVROOTNAME}${LVEXT1SUFFIX}\" on \"${VGNAME}\"." # Too use the bash IFS, first parameter is not quoted. lvcreate ${LVEXT1SIZE} -n "${LVROOTNAME}${LVEXT1SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail 
@@ -528,9 +528,9 @@ function create_ext_lv() { if [ "${USELVEXT2}" -ne 0 ] ; then # if using extra volume 2 if [ -e /dev/mapper/"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}" ] ; then # if extra volume 2 exist - echo "...Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\" already exists. OK." + echo "[Kaiten-Yaki] Logical volume \"${VGNAME}-${LVROOTNAME}${LVEXT2SUFFIX}\" already exists. OK." else - echo "...Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." + echo "[Kaiten-Yaki] Creating logical volume \"${LVROOTNAME}${LVEXT2SUFFIX}\" on \"${VGNAME}\"." # Too use the bash IFS, first parameter is not quoted. lvcreate ${LVEXT2SIZE} -n "${LVROOTNAME}${LVEXT2SUFFIX}" "${VGNAME}" if [ $? -ne 0 ] ; then # if fail diff --git a/script/ubuntu-kaiten-yaki.sh b/script/ubuntu-kaiten-yaki.sh index adfbbdd..0691f7b 100644 --- a/script/ubuntu-kaiten-yaki.sh +++ b/script/ubuntu-kaiten-yaki.sh @@ -81,13 +81,13 @@ function para_install_local() { # Distrobution dependent message cat <<- HEREDOC - ************************ CAUTION! CAUTION! CAUTION! **************************** - - Make sure to click "Continue Testing", at the end of the Ubiquity installer. - Just exit the installer without rebooting. Other wise, your system - is unable to boot. - - Type return key to start Ubiquity. + **************** CAUTION! CAUTION! CAUTION! ******************** + [Kaiten-Yaki] + [Kaiten-Yaki] Make sure to click "Continue Testing", at the end of + [Kaiten-Yaki] the Ubiquity installer. Just exit the installer without + [Kaiten-Yaki] rebooting. Otherwise, your system becomes unable to boot. + [Kaiten-Yaki] + [Kaiten-Yaki] Type return key to start Ubiquity. HEREDOC # waiting for a console input 
@@ -134,12 +134,12 @@ function grub_check_and_modify_local() { # Make target GRUB aware to the crypt partition # This must do it after start of the file copy by installer, but before the end of the file copy. - echo "...Adding GRUB_ENABLE_CRYPTODISK entry to ${TARGETMOUNTPOINT}/etc/default/grub " + echo "[Kaiten-Yaki] Adding GRUB_ENABLE_CRYPTODISK entry to ${TARGETMOUNTPOINT}/etc/default/grub " echo "GRUB_ENABLE_CRYPTODISK=y" >> ${TARGETMOUNTPOINT}/etc/default/grub # And then, wait for the end of installer process - echo "...Waiting for the end of GUI/TUI installer." - echo "...Again, DO NOT reboot/restart here. Just exit the GUI/TUI installer." + echo "[Kaiten-Yaki] Waiting for the end of GUI/TUI installer." + echo "[Kaiten-Yaki] Again, DO NOT reboot/restart here. Just exit the GUI/TUI installer." wait $INSTALLER_PID # succesfull return diff --git a/script/void-kaiten-yaki.sh b/script/void-kaiten-yaki.sh index c63f906..4276811 100644 --- a/script/void-kaiten-yaki.sh +++ b/script/void-kaiten-yaki.sh @@ -45,17 +45,17 @@ function main() { export GRUB_ADDITIONAL_PARAMETERS="rd.auto=1 cryptdevice=${DEV}${CRYPTPARTITION}:${CRYPTPARTNAME} root=/dev/mapper/${VGNAME}-${LVROOTNAME}" if grep "$GRUB_ADDITIONAL_PARAMETERS" /etc/default/grub ; then # Is additonal parameter already added? # Yes - echo ".../etc/default/grub already modified. OK, skipping to modiy." + echo "[Kaiten-Yaki] /etc/default/grub already modified. OK, skipping to modiy." else # Not yet. Let's add. - echo "...Modify /etc/default/grub." + echo "[Kaiten-Yaki] Modify /etc/default/grub." sed -i -e "/GRUB_CMDLINE_LINUX_DEFAULT/{s#\"# ${GRUB_ADDITIONAL_PARAMETERS}\"#2}" /etc/default/grub fi # Common part of the pre-install stage if ! pre_install ; then # If error, restore the modification. - echo "...restoring /etc/default/grub, if needed" + echo "[Kaiten-Yaki] restoring /etc/default/grub, if needed" sed -i -e "s#${GRUB_ADDITIONAL_PARAMETERS}##" /etc/default/grub return 1 # with error status fi 
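Review bot: The rewritten message in the `main()` hunk of void-kaiten-yaki.sh keeps the typo `modiy`: `echo "[Kaiten-Yaki] /etc/default/grub already modified. OK, skipping to modiy."` should read `echo "[Kaiten-Yaki] /etc/default/grub already modified. OK, skipping to modify."`. Likewise the new `echo "[Kaiten-Yaki] Adding GRUB_ENABLE_CRYPTODISK entry to ${TARGETMOUNTPOINT}/etc/default/grub "` in the ubuntu-kaiten-yaki.sh hunk on this line, and the matching void-kaiten-yaki.sh hunk below, carry a trailing space before the closing quote that was copied over from the old line. Since the commit already rewrites these lines, fixing the wording here avoids a further message-only commit. main()'s body continues outside the hunk.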
@@ -96,13 +96,13 @@ function para_install_local() { # Distrobution dependent message cat <<- HEREDOC - ************************ CAUTION! CAUTION! CAUTION! **************************** - - Make sure to click "NO", if the void-installer ask you to reboot. - Just exit the installer without rebooting. Other wise, your system - is unable to boot. - - Type return key to start void-installer. + ******************** CAUTION! CAUTION! CAUTION! ************************ + [Kaiten-Yaki] + [Kaiten-Yaki] Make sure to click "NO", if the void-installer ask you to + [Kaiten-Yaki] reboot.Just exit the installer without rebooting. Otherwise, + [Kaiten-Yaki] your system becomes unable to boot. + [Kaiten-Yaki] + [Kaiten-Yaki] Type return key to start void-installer. HEREDOC # waiting for a console input @@ -123,7 +123,7 @@ function para_install_local() { # If exist, the grub was not modifyed -> void-installer termianted unexpectedly # Delete the nwe volume if overwrite install, and close all on_unexpected_installer_quit - echo "...restoring modified /etc/default/grub." + echo "[Kaiten-Yaki] restoring modified /etc/default/grub." sed -i "s#loglevel=4 ${GRUB_ADDITIONAL_PARAMETERS}#loglevel=4#" /etc/default/grub return 1 # with error status fi @@ -149,7 +149,7 @@ function grub_check_and_modify_local() { # Make target GRUB aware to the crypt partition # This must do it after start of the file copy by installer, but before the end of the file copy. - echo "...Adding GRUB_ENABLE_CRYPTODISK entry to ${TARGETMOUNTPOINT}/etc/default/grub " + echo "[Kaiten-Yaki] Adding GRUB_ENABLE_CRYPTODISK entry to ${TARGETMOUNTPOINT}/etc/default/grub " echo "GRUB_ENABLE_CRYPTODISK=y" >> ${TARGETMOUNTPOINT}/etc/default/grub # succesfull return From 70fa79a8d526f63b0878deb6d5bfa1d7f787d170 Mon Sep 17 00:00:00 2001 
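Review bot: The new caution text in the `para_install_local()` hunk of void-kaiten-yaki.sh loses the space after the sentence break, `[Kaiten-Yaki] reboot.Just exit the installer without rebooting. Otherwise,`, and the line before it says `if the void-installer ask you to`; the two lines should read `[Kaiten-Yaki] Make sure to click "NO", if the void-installer asks you to` and `[Kaiten-Yaki] reboot. Just exit the installer without rebooting. Otherwise,`. The `Distrobution` in the context comment just above the here-document is also misspelled and could be corrected while the block is being rewritten. para_install_local's body continues outside this hunk.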
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Wed, 11 May 2022 07:30:19 +0900 Subject: [PATCH 92/97] Issue #39 : Change message style https://github.com/suikan4github/kaiten-yaki/issues/39 --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a40efae..7cf30cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ Record of the modification in project development. - [Issue 33 : Support "M/G/T" as size prefix.](https://github.com/suikan4github/kaiten-yaki/issues/33) ### Changed +- [Issue 38 : "Ready to reboot" message should be changed](https://github.com/suikan4github/kaiten-yaki/issues/38) +- [Issue 39 : Change message style](https://github.com/suikan4github/kaiten-yaki/issues/39) + ### Deprecated - [Issue 34 : BIOS support should be obsoleted ](https://github.com/suikan4github/kaiten-yaki/issues/34) @@ -16,7 +19,6 @@ Record of the modification in project development. ### Fixed - [Issue 32 : Ubuntu 22.04 fails to deactivate the swap](https://github.com/suikan4github/kaiten-yaki/issues/32) - [Issue 36 : Clear the PASSPHRASE variable at the end of installation](https://github.com/suikan4github/kaiten-yaki/issues/36) -- [Issue 38 : "Ready to reboot" message should be changed](https://github.com/suikan4github/kaiten-yaki/issues/38) ### Known Issue From ecbafb4a6dc9e47647cb8f02dcf2603107892112 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Thu, 12 May 2022 07:54:33 +0900 Subject: [PATCH 93/97] Update README.md for v1.3.0 --- README.md | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 2376bfb..7c2b120 100644 --- a/README.md +++ b/README.md 
@@ -25,15 +25,20 @@ As depicted above, the LVM volume group has only one physical volume. # Tested environment These scripts are tested with the following environment. -- VMWare Workstation 15.5.7 ( EFI/BIOS ) -- ThinkPad X220 (BIOS) -- Ubuntu 20.04.3 amd64 desktop -- Ubuntu 21.04 amd64 desktop -- Ubuntu 21.10 amd64 desktop -- Ubuntu Mate 20.04.3 amd64 desktop -- void-live-x86_64-20210218-mate.iso -- void-live-x86_64-musl-20210218-mate.iso -- void-live-x86_64-20210218.iso +- VMVare Workstation 15.5.7 ( EFI ) +- Ubuntu 22.04 amd64 desktop +- void-live-x86_64-20210930-xfce.iso +- void-live-x86_64-20210930.iso +- Followings are the tested environment of the Kaiten-Yaki v1.2.0 + - VMWare Workstation 15.5.7 ( EFI/BIOS ) + - ThinkPad X220 (BIOS) + - Ubuntu 20.04.3 amd64 desktop + - Ubuntu 21.04 amd64 desktop + - Ubuntu 21.10 amd64 desktop + - Ubuntu Mate 20.04.3 amd64 desktop + - void-live-x86_64-20210218-mate.iso + - void-live-x86_64-musl-20210218-mate.iso + - void-live-x86_64-20210218.iso # Installation Rough procedure of the installation is as followings : @@ -43,11 +48,8 @@ Rough procedure of the installation is as followings : The detail procedure is explained in the [INSTALL.md](INSTALL.md). -# Known issues -If you install two or more Void Linux into the EFI system, only the last one can boot without trouble. This is not the problem of Kaiten-yaki. - # Variants considerations -Ubuntu has several variants ( flavors ). While while only the MATE flavor is tested, other flavors may work correctly as far as it uses Ubiquity installer. +Ubuntu has several variants ( flavors ). While while only the Ubuntu desktop is tested, other flavors may work correctly as far as it uses Ubiquity installer. # Other resources See [Wiki](https://github.com/suikan4github/kaiten-yaki/wiki) for the application notes and the useful links. From 353a9dd8b49435ae1703f6609860d91071691577 Mon Sep 17 00:00:00 2001 
From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 14 May 2022 08:33:21 +0900 Subject: [PATCH 94/97] Preparing release of the v1.3.0 --- CHANGELOG.md | 11 ++++++++++- README.md | 8 ++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7cf30cd..1d52570 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,14 @@ Record of the modification in project development. ## [Unreleased] - yyyy-mm-dd ### Added +### Changed +### Deprecated +### Removed +### Fixed +### Known Issue + +## [1.3.0] - 2022-05-15 +### Added - [Issue 31 : Add extra partition functionality.](https://github.com/suikan4github/kaiten-yaki/issues/31) - [Issue 33 : Support "M/G/T" as size prefix.](https://github.com/suikan4github/kaiten-yaki/issues/33) @@ -87,7 +95,8 @@ See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki ### Known Issue -[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.2.0...develop +[Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.3.0...develop +[1.3.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.2.0...v1.3.0 [1.2.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...v1.1.0 [1.0.0]: https://github.com/suikan4github/kaiten-yaki/compare/v0.0.0...v1.0.0 diff --git a/README.md b/README.md index 7c2b120..ef66460 100644 --- a/README.md +++ b/README.md 
@@ -2,15 +2,15 @@ Kaiten-yaki v1.3.0 is a script set to install Linux to your AMD64 desktop system. With these scripts, you can install Ubuntu/Void Linux to an encrypted partition easily. The followings are the list of functionalities: -- Ubuntu and Void Linux. +- Ubuntu and Void Linux support. - Help to install from LiveCD/USB. - Invoke GUI/TUI installer automatically at the middle of script execution, for the ease of installation. -- Automatic detection of EFI firmware and create GPT( The BIOS detection and MBR creation function exist. But it is not maintained from v1.3.0 ). +- Automatic detection of EFI firmware and create GPT (The BIOS detection and MBR creation function exist. But they are not maintained from v1.3.0). - Create an EFI partition, if needed. - Support multiple boot in a LUKS partition. - Support btrfs in addition to the major file systems. -- The "/boot" is located in the same logical volume as the "/". -- The swap logical volume is located inside the encrypted volume. +- The "/boot" is located in the same encrypted logical volume with the "/". +- The swap is located in the same encrypted logical volume with the "/". - You need to type a passphrase only once in the boot sequence. With the configuration parameters, you can customize each installation. For example, you can configure the system to have 2, 3, or 4,... distributions in an HDD/SSD, as you want. From 09ae43b7c141c2eb51847bb72e81aaf67ce81aae Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sun, 15 May 2022 10:15:51 +0900 Subject: [PATCH 95/97] Changed README.md "maintained" -> "tested" --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ef66460..bb95640 100644 --- a/README.md +++ b/README.md 
@@ -5,13 +5,13 @@ The followings are the list of functionalities: - Ubuntu and Void Linux support. - Help to install from LiveCD/USB. - Invoke GUI/TUI installer automatically at the middle of script execution, for the ease of installation. -- Automatic detection of EFI firmware and create GPT (The BIOS detection and MBR creation function exist. But they are not maintained from v1.3.0). +- Automatic detection of EFI firmware and create GPT (The BIOS detection and MBR creation function exist. But they are not test from v1.3.0). - Create an EFI partition, if needed. - Support multiple boot in a LUKS partition. - Support btrfs in addition to the major file systems. - The "/boot" is located in the same encrypted logical volume with the "/". - The swap is located in the same encrypted logical volume with the "/". -- You need to type a passphrase only once in the boot sequence. +- You need to type a passphrase only once in the boot sequence of the installed system. With the configuration parameters, you can customize each installation. For example, you can configure the system to have 2, 3, or 4,... distributions in an HDD/SSD, as you want. From b5adafafe6576d9fdbdce8af0d039a5bbed3c3e4 Mon Sep 17 00:00:00 2001 From: Uraza Date: Tue, 11 Apr 2023 20:08:59 +0000 Subject: [PATCH 96/97] Partition names should be prefixed by "p" for NVMe --- script/config.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/script/config.sh b/script/config.sh index 4ed7602..b73ab5b 100644 --- a/script/config.sh +++ b/script/config.sh 
@@ -87,12 +87,20 @@ else export ISEFI=0 # No, BIOS fi # is EFI firmaare? +# Detect drive type. +# For NVME drives, partition names should be prefixed by p. +if [[ ${DEV} == *"nvme"* ]] ; then +export PARTPREFIX="p" # Yes, NVME +else +export PARTPREFIX="" # No, regular +fi + # Set partition number based on the firmware type if [ ${ISEFI} -ne 0 ] ; then # EFI firmware -export EFIPARTITION=1 -export CRYPTPARTITION=2 +export EFIPARTITION=${PARTPREFIX}1 +export CRYPTPARTITION=${PARTPREFIX}2 else # BIOS firmware -export CRYPTPARTITION=1 +export CRYPTPARTITION=${PARTPREFIX}1 fi # EFI firmware From fd5a51a070c20339327b1f60f2d6fc85fa4e5341 Mon Sep 17 00:00:00 2001 From: Suikan <26223147+suikan4github@users.noreply.github.com> Date: Sat, 15 Apr 2023 07:13:14 +0900 Subject: [PATCH 97/97] Update CHANGELOG for v1.3.1 --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d52570..720fbbe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,15 @@ Record of the modification in project development. ### Fixed ### Known Issue +## [1.3.1] - 2023-04-15 +### Added +### Changed +### Deprecated +### Removed +### Fixed +- [Issue 43 : Partition names should be prefixed by "p" for NVMe](https://github.com/suikan4github/kaiten-yaki/pull/43). Thank you Uraza for your contribution. +### Known Issue + ## [1.3.0] - 2022-05-15 ### Added - [Issue 31 : Add extra partition functionality.](https://github.com/suikan4github/kaiten-yaki/issues/31) @@ -96,6 +105,7 @@ See [Testing before release v1.1.0](https://github.com/suikan4github/kaiten-yaki [Unreleased]: https://github.com/suikan4github/kaiten-yaki/compare/v1.3.0...develop +[1.3.1]: https://github.com/suikan4github/kaiten-yaki/compare/v1.3.0...v1.3.1 [1.3.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.2.0...v1.3.0 [1.2.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/suikan4github/kaiten-yaki/compare/v1.0.0...v1.1.0
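Review bot: The new drive-type test `if [[ ${DEV} == *"nvme"* ]] ; then` keys the `p` separator off the string "nvme", but the kernel inserts `p` before the partition number for any disk whose node name ends in a digit (`/dev/mmcblk0` and `/dev/loop0` as well as `/dev/nvme0n1`), so eMMC/SD cards and loop devices would still get `EFIPARTITION=1` and the later `${DEV}${CRYPTPARTITION}` expansions would address a node that does not exist. Testing the last character instead, `if [[ ${DEV} == *[0-9] ]] ; then`, covers all of these, and the comment could say `# Disks whose node name ends in a digit (nvme0n1, mmcblk0, ...) separate the partition number with "p".`. `[[ ]]` is a bash construct while the surrounding tests in this file use `[ ]`; that is fine only if config.sh is always read by bash, which the rest of the series suggests but this hunk does not show.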