Add Encryption to linuxmint-postsetup

Eric Renfro 2024-07-02 20:16:20 -04:00
parent adb32cec27
commit cb4029b049
Signed by: psi-jack
SSH key fingerprint: SHA256:1TKB8Z257L8EHK8GWNxKgMhD8a+FAR+f+j3nnlcuNVM


@ -32,6 +32,7 @@ function show_help() {
echo "" echo ""
echo "Options:" echo "Options:"
echo "-h, --help Help on this tool." echo "-h, --help Help on this tool."
echo "-e, --encryption Enable LUKS encryption."
echo "-s, --swap Enable Swap/Hibernation support." echo "-s, --swap Enable Swap/Hibernation support."
echo "-d, --debug Enable DEBUG mode for testing." echo "-d, --debug Enable DEBUG mode for testing."
exit 0 exit 0
@ -48,7 +49,12 @@ function create_subvolumes() {
subvols+=("${!SUBVOLS_DEFAULT[@]}") subvols+=("${!SUBVOLS_DEFAULT[@]}")
${cmd} mount "$RootPart" /mnt if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksOpen "$RootPart" luksvol
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/luksvol" /mnt
else
${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt
fi
if [[ "$BootPart" == "@boot" ]]; then if [[ "$BootPart" == "@boot" ]]; then
${cmd} btrfs subvolume create /mnt/@boot ${cmd} btrfs subvolume create /mnt/@boot
@ -62,7 +68,7 @@ function create_subvolumes() {
for subvol in "${subvols[@]}" for subvol in "${subvols[@]}"
do do
${cmd} btrfs subvolume create /mnt/"$subvol" ${cmd} btrfs subvolume create /mnt/"$subvol"
if [[ -d "/mnt/@/${SUBVOLS_DEFAULT[$subvol]}" || "DEBUG" ]]; then if [[ -d "/mnt/@/${SUBVOLS_DEFAULT[$subvol]}" || "$DEBUG" ]]; then
${cmd} rsync -avhHi --delete-after "/mnt/@/${SUBVOLS_DEFAULT[$subvol]}/" "/mnt/$subvol/" ${cmd} rsync -avhHi --delete-after "/mnt/@/${SUBVOLS_DEFAULT[$subvol]}/" "/mnt/$subvol/"
fi fi
done done
@ -70,6 +76,33 @@ function create_subvolumes() {
${cmd} umount /mnt ${cmd} umount /mnt
} }
function unmount_target() {
local subvol
if [[ "$DEBUG" ]]; then
local cmd="echo"
else
local cmd=""
fi
for subvol in "${!SUBVOLS_DEFAULT[@]}"
do
${cmd} umount /target/"${SUBVOLS_DEFAULT[$subvol]}"
done
if [[ "$SWAP" ]]; then
${cmd} umount /target/swap
fi
${cmd} umount /target/boot/efi
${cmd} umount /target/boot
${cmd} umount /target
if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksClose luksvol
fi
}
function get_hibernate_size() { function get_hibernate_size() {
free --giga | awk '/^Mem:/{print $2}' free --giga | awk '/^Mem:/{print $2}'
} }
@ -87,6 +120,9 @@ function prepare_target() {
${cmd} mkdir /target ${cmd} mkdir /target
rootmount="$RootPart" rootmount="$RootPart"
if [[ "$ENCRYPTION" ]]; then
rootmount="/dev/mapper/luksvol"
fi
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target ${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target
@ -128,18 +164,29 @@ function prepare_target() {
${cmd} arch-chroot /target update-grub2 ${cmd} arch-chroot /target update-grub2
fi fi
for subvol in "${!SUBVOLS_DEFAULT[@]}" ${cmd} apt install -y arch-install-scripts
do
${cmd} umount /target/"${SUBVOLS_DEFAULT[$subvol]}"
done
if [[ "$SWAP" ]]; then if [[ "$DEBUG" ]]; then
${cmd} umount /target/swap echo "genfstab -U /target > /target/etc/fstab"
echo
else
genfstab -U /target > /target/etc/fstab
fi fi
${cmd} umount /target/boot/efi if [[ "$SWAP" ]]; then
${cmd} umount /target/boot if [[ "$DEBUG" ]]; then
${cmd} umount /target echo "echo \"/swap/hibernate.swp none swap defaults 0 0\" >> /target/etc/fstab"
else
echo "/swap/hibernate.swp none swap defaults 0 0" >> /target/etc/fstab
fi
SwapUUID=$(grep btrfs /target/etc/fstab | head -n1 | cut -f1)
SwapOffset=$(btrfs inspect-internal map-swapfile -r /target/swap/hibernate.swp)
${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub
fi
if [[ "$ENCRYPTION" ]]; then
fi
} }
function expert_step() { function expert_step() {
@ -181,6 +228,12 @@ function show_options() {
echo "Boot Partition: $BootPart" echo "Boot Partition: $BootPart"
echo "EFI Partition: $EFIPart" echo "EFI Partition: $EFIPart"
if [[ "$ENCRYPTION" ]]; then
echo "Encryption: Enabled"
else
echo "Encryption: Disabled"
fi
if [[ "$SWAP" ]]; then if [[ "$SWAP" ]]; then
echo "Swap: Enabled" echo "Swap: Enabled"
else else
@ -214,16 +267,14 @@ function install_normal() {
prepare_target prepare_target
echo echo
echo "Ready for installation! Run a terminal and start the following:" echo "Post-Setup Preparations Complete. You can verify things in /target or you can"
echo "sudo live-installer-expert-mode" echo "re-run this script with --unmount to unmount and reboot."
echo
echo "Once it's at the expert mode step, re-run this command with --expert"
} }
function install_expert() { function install_unmount() {
show_options show_options
read -rsn1 -p"Expert-Installation: To proceed, press enter to continue." proceed read -rsn1 -p"Post-Install Unmount and Reboot: To proceed, press enter to continue." proceed
echo echo
if [[ "$proceed" != "" ]]; then if [[ "$proceed" != "" ]]; then
@ -233,7 +284,8 @@ function install_expert() {
echo echo
echo "Running Expert-Mode Installation Steps..." echo "Running Expert-Mode Installation Steps..."
expert_step unmount_target
reboot
} }
function install_cleanup() { function install_cleanup() {
@ -276,6 +328,10 @@ while [[ $# -gt 0 ]]; do
-h|--help) -h|--help)
show_help show_help
;; ;;
-e|--encryption)
ENCRYPTION=true
shift
;;
-s|--swap) -s|--swap)
SWAP=true SWAP=true
shift shift
@ -284,8 +340,8 @@ while [[ $# -gt 0 ]]; do
DEBUG=true DEBUG=true
shift shift
;; ;;
--expert) --unmount)
INSTALL_MODE=expert INSTALL_MODE=unmount
shift shift
;; ;;
--clean) --clean)
@ -317,7 +373,7 @@ else
case "$INSTALL_MODE" in case "$INSTALL_MODE" in
normal) install_normal;; normal) install_normal;;
expert) install_expert;; unmount) install_unmount;;
clean) install_cleanup;; clean) install_cleanup;;
*) *)
echo "Error, unknown installation mode detected." echo "Error, unknown installation mode detected."
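Review bot: The `if [[ "$ENCRYPTION" ]]; then` / `fi` pair added at the end of prepare_target has no body as rendered here, which bash rejects with a syntax error near `fi`, so the script would fail to parse in every mode, not only with `-e`. Until the encryption-specific target setup is written, give the block a body such as `: # TODO: configure unlocking of the LUKS root on the installed system`, or drop the block. As far as these hunks show, `-e` only opens an existing LUKS container as `luksvol` and mounts it; nothing visible records the mapping on the target (for example in `/target/etc/crypttab`), so the help text "Enable LUKS encryption" may promise more than the option does. That is worth confirming against the parts of prepare_target that lie outside the hunks. Separately, the new `reboot` in install_unmount runs unconditionally, so a `--debug` run would still reboot the machine; a guard such as `[[ "$DEBUG" ]] || reboot` would keep debug runs side-effect free.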