Update encryption option further

This commit is contained in:
Eric Renfro 2024-07-02 21:05:16 -04:00
parent cb4029b049
commit e4df308250
Signed by: psi-jack
SSH key fingerprint: SHA256:1TKB8Z257L8EHK8GWNxKgMhD8a+FAR+f+j3nnlcuNVM

View file

@ -50,11 +50,14 @@ function create_subvolumes() {
subvols+=("${!SUBVOLS_DEFAULT[@]}")
if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksOpen "$RootPart" luksvol
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/luksvol" /mnt
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/$ENC_VOL" /mnt
else
${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt
fi
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /mnt"
exit 100
fi
if [[ "$BootPart" == "@boot" ]]; then
${cmd} btrfs subvolume create /mnt/@boot
@ -99,7 +102,7 @@ function unmount_target() {
${cmd} umount /target
if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksClose luksvol
${cmd} cryptsetup luksClose "$ENC_VOL"
fi
}
@ -121,10 +124,14 @@ function prepare_target() {
rootmount="$RootPart"
if [[ "$ENCRYPTION" ]]; then
rootmount="/dev/mapper/luksvol"
rootmount="/dev/mapper/$ENC_VOL"
fi
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target"
exit 101
fi
for subvol in "${!SUBVOLS_DEFAULT[@]}"
do
@ -139,8 +146,16 @@ function prepare_target() {
else
${cmd} mount "$BootPart" /target/boot
fi
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/boot"
exit 102
fi
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@home "$rootmount" /target/home
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/home"
exit 103
fi
for subvol in "${!SUBVOLS_DEFAULT[@]}"
do
@ -151,12 +166,20 @@ function prepare_target() {
${cmd} mkdir -p /target/boot/efi
fi
${cmd} mount "$EFIPart" /target/boot/efi
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/boot/efi"
exit 104
fi
if [[ "$SWAP" ]]; then
if [[ ! -d "/target/swap" ]]; then
${cmd} mkdir -p /target/swap
fi
${cmd} mount -o noatime,ssd,subvol=@swap "$rootmount" /target/swap
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/swap"
exit 105
fi
${cmd} btrfs filesystem mkswapfile --size "$(get_hibernate_size)g" --uuid clear /target/swap/hibernate.swp
fi
@ -184,9 +207,9 @@ function prepare_target() {
${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub
fi
if [[ "$ENCRYPTION" ]]; then
fi
#if [[ "$ENCRYPTION" ]]; then
#
#fi
}
function expert_step() {
@ -309,7 +332,7 @@ function install_cleanup() {
${cmd} umount /target
if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksClose luksvol
${cmd} cryptsetup luksClose "$ENC_VOL"
fi
${cmd} dd if=/dev/zero of="${RootPart}" bs=1024 count=10
@ -330,6 +353,7 @@ while [[ $# -gt 0 ]]; do
;;
-e|--encryption)
ENCRYPTION=true
ENC_VOL="$2"
shift
;;
-s|--swap)
@ -366,9 +390,19 @@ if [[ -z "$RootPart" || -z "$BootPart" || -z "$EFIPart" ]]; then
exit 3
else
if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]; then
echo "While encryption is enabled, using @boot subvolume will cause issues."
echo "Please prepare and set boot volume for /boot while using encryption."
exit 4
if [[ -z "$ENC_VOL" ]]; then
echo "Encryption volume needs to be set. Reliably determining this is"
echo "best done by human eyes. To find your current volume, you can"
echo "run:"
echo " dmsetup ls --target crypt"
echo "If it's not active for whatever reason, you can open it with:"
echo " cryptsetup luksOpen "$RootPart" <volume_name>"
exit 4
elif [[ "$BootPart" == "@boot" ]]; then
echo "While encryption is enabled, using @boot subvolume will cause issues."
echo "Please prepare and set boot volume for /boot while using encryption."
exit 5
fi
fi
case "$INSTALL_MODE" in