Update encryption option further
parent
cb4029b049
commit
e4df308250
1 changed files with 45 additions and 11 deletions
|
@ -50,11 +50,14 @@ function create_subvolumes() {
|
||||||
subvols+=("${!SUBVOLS_DEFAULT[@]}")
|
subvols+=("${!SUBVOLS_DEFAULT[@]}")
|
||||||
|
|
||||||
if [[ "$ENCRYPTION" ]]; then
|
if [[ "$ENCRYPTION" ]]; then
|
||||||
${cmd} cryptsetup luksOpen "$RootPart" luksvol
|
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/$ENC_VOL" /mnt
|
||||||
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/luksvol" /mnt
|
|
||||||
else
|
else
|
||||||
${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt
|
${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt
|
||||||
fi
|
fi
|
||||||
|
if [[ "$?" -ne 0 ]]; then
|
||||||
|
echo "FATAL: Could not mount /mnt"
|
||||||
|
exit 100
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ "$BootPart" == "@boot" ]]; then
|
if [[ "$BootPart" == "@boot" ]]; then
|
||||||
${cmd} btrfs subvolume create /mnt/@boot
|
${cmd} btrfs subvolume create /mnt/@boot
|
||||||
|
@ -99,7 +102,7 @@ function unmount_target() {
|
||||||
${cmd} umount /target
|
${cmd} umount /target
|
||||||
|
|
||||||
if [[ "$ENCRYPTION" ]]; then
|
if [[ "$ENCRYPTION" ]]; then
|
||||||
${cmd} cryptsetup luksClose luksvol
|
${cmd} cryptsetup luksClose "$ENC_VOL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,10 +124,14 @@ function prepare_target() {
|
||||||
|
|
||||||
rootmount="$RootPart"
|
rootmount="$RootPart"
|
||||||
if [[ "$ENCRYPTION" ]]; then
|
if [[ "$ENCRYPTION" ]]; then
|
||||||
rootmount="/dev/mapper/luksvol"
|
rootmount="/dev/mapper/$ENC_VOL"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target
|
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target
|
||||||
|
if [[ "$?" -ne 0 ]]; then
|
||||||
|
echo "FATAL: Could not mount /target"
|
||||||
|
exit 101
|
||||||
|
fi
|
||||||
|
|
||||||
for subvol in "${!SUBVOLS_DEFAULT[@]}"
|
for subvol in "${!SUBVOLS_DEFAULT[@]}"
|
||||||
do
|
do
|
||||||
|
@ -139,8 +146,16 @@ function prepare_target() {
|
||||||
else
|
else
|
||||||
${cmd} mount "$BootPart" /target/boot
|
${cmd} mount "$BootPart" /target/boot
|
||||||
fi
|
fi
|
||||||
|
if [[ "$?" -ne 0 ]]; then
|
||||||
|
echo "FATAL: Could not mount /target/boot"
|
||||||
|
exit 102
|
||||||
|
fi
|
||||||
|
|
||||||
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@home "$rootmount" /target/home
|
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@home "$rootmount" /target/home
|
||||||
|
if [[ "$?" -ne 0 ]]; then
|
||||||
|
echo "FATAL: Could not mount /target/home"
|
||||||
|
exit 103
|
||||||
|
fi
|
||||||
|
|
||||||
for subvol in "${!SUBVOLS_DEFAULT[@]}"
|
for subvol in "${!SUBVOLS_DEFAULT[@]}"
|
||||||
do
|
do
|
||||||
|
@ -151,12 +166,20 @@ function prepare_target() {
|
||||||
${cmd} mkdir -p /target/boot/efi
|
${cmd} mkdir -p /target/boot/efi
|
||||||
fi
|
fi
|
||||||
${cmd} mount "$EFIPart" /target/boot/efi
|
${cmd} mount "$EFIPart" /target/boot/efi
|
||||||
|
if [[ "$?" -ne 0 ]]; then
|
||||||
|
echo "FATAL: Could not mount /target/boot/efi"
|
||||||
|
exit 104
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ "$SWAP" ]]; then
|
if [[ "$SWAP" ]]; then
|
||||||
if [[ ! -d "/target/swap" ]]; then
|
if [[ ! -d "/target/swap" ]]; then
|
||||||
${cmd} mkdir -p /target/swap
|
${cmd} mkdir -p /target/swap
|
||||||
fi
|
fi
|
||||||
${cmd} mount -o noatime,ssd,subvol=@swap "$rootmount" /target/swap
|
${cmd} mount -o noatime,ssd,subvol=@swap "$rootmount" /target/swap
|
||||||
|
if [[ "$?" -ne 0 ]]; then
|
||||||
|
echo "FATAL: Could not mount /target/swap"
|
||||||
|
exit 105
|
||||||
|
fi
|
||||||
${cmd} btrfs filesystem mkswapfile --size "$(get_hibernate_size)g" --uuid clear /target/swap/hibernate.swp
|
${cmd} btrfs filesystem mkswapfile --size "$(get_hibernate_size)g" --uuid clear /target/swap/hibernate.swp
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -184,9 +207,9 @@ function prepare_target() {
|
||||||
${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub
|
${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$ENCRYPTION" ]]; then
|
#if [[ "$ENCRYPTION" ]]; then
|
||||||
|
#
|
||||||
fi
|
#fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function expert_step() {
|
function expert_step() {
|
||||||
|
@ -309,7 +332,7 @@ function install_cleanup() {
|
||||||
${cmd} umount /target
|
${cmd} umount /target
|
||||||
|
|
||||||
if [[ "$ENCRYPTION" ]]; then
|
if [[ "$ENCRYPTION" ]]; then
|
||||||
${cmd} cryptsetup luksClose luksvol
|
${cmd} cryptsetup luksClose "$ENC_VOL"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
${cmd} dd if=/dev/zero of="${RootPart}" bs=1024 count=10
|
${cmd} dd if=/dev/zero of="${RootPart}" bs=1024 count=10
|
||||||
|
@ -330,6 +353,7 @@ while [[ $# -gt 0 ]]; do
|
||||||
;;
|
;;
|
||||||
-e|--encryption)
|
-e|--encryption)
|
||||||
ENCRYPTION=true
|
ENCRYPTION=true
|
||||||
|
ENC_VOL="$2"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
-s|--swap)
|
-s|--swap)
|
||||||
|
@ -366,9 +390,19 @@ if [[ -z "$RootPart" || -z "$BootPart" || -z "$EFIPart" ]]; then
|
||||||
exit 3
|
exit 3
|
||||||
else
|
else
|
||||||
if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]; then
|
if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]; then
|
||||||
|
if [[ -z "$ENC_VOL" ]]; then
|
||||||
|
echo "Encryption volume needs to be set. Reliably determining this is"
|
||||||
|
echo "best done by human eyes. To find your current volume, you can"
|
||||||
|
echo "run:"
|
||||||
|
echo " dmsetup ls --target crypt"
|
||||||
|
echo "If it's not active for whatever reason, you can open it with:"
|
||||||
|
echo " cryptsetup luksOpen "$RootPart" <volume_name>"
|
||||||
|
exit 4
|
||||||
|
elif [[ "$BootPart" == "@boot" ]]; then
|
||||||
echo "While encryption is enabled, using @boot subvolume will cause issues."
|
echo "While encryption is enabled, using @boot subvolume will cause issues."
|
||||||
echo "Please prepare and set boot volume for /boot while using encryption."
|
echo "Please prepare and set boot volume for /boot while using encryption."
|
||||||
exit 4
|
exit 5
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$INSTALL_MODE" in
|
case "$INSTALL_MODE" in
|
||||||
|
|
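Review bot: In the last hunk (the validation after the option loop), the new `-z "$ENC_VOL"` test sits inside `if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]`, so an encrypted install with a separate /boot partition never checks that a mapper name was given. As rendered, `create_subvolumes` and `prepare_target` would then try to mount `/dev/mapper/` and `unmount_target`/`install_cleanup` would call `cryptsetup luksClose ""`. The `elif [[ "$BootPart" == "@boot" ]]` is always true at that point, so the two checks read better as independent tests under a plain `if [[ "$ENCRYPTION" ]]`, as sketched below. Because the script no longer runs `luksOpen` itself, adding `[[ -b "/dev/mapper/$ENC_VOL" ]]` in the same place would also catch a mistyped or unopened volume before any mount is attempted. In the `-e|--encryption)` arm, `ENC_VOL="$2"` is taken without checking that a value follows, so `-e -s` would appear to consume `-s` as the volume name; the rest of that loop is outside the hunk.

```shell
if [[ "$ENCRYPTION" ]]; then
    if [[ -z "$ENC_VOL" ]]; then
        # … unchanged: the "Encryption volume needs to be set" help text …
        exit 4
    fi
    if [[ "$BootPart" == "@boot" ]]; then
        # … unchanged: the two "@boot subvolume will cause issues" messages …
        exit 5
    fi
fi
```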