Update encryption option further

This commit is contained in:
Eric Renfro 2024-07-02 21:05:16 -04:00
parent cb4029b049
commit e4df308250
Signed by: psi-jack
SSH key fingerprint: SHA256:1TKB8Z257L8EHK8GWNxKgMhD8a+FAR+f+j3nnlcuNVM

View file

@ -50,11 +50,14 @@ function create_subvolumes() {
subvols+=("${!SUBVOLS_DEFAULT[@]}") subvols+=("${!SUBVOLS_DEFAULT[@]}")
if [[ "$ENCRYPTION" ]]; then if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksOpen "$RootPart" luksvol ${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/$ENC_VOL" /mnt
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/luksvol" /mnt
else else
${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt ${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt
fi fi
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /mnt"
exit 100
fi
if [[ "$BootPart" == "@boot" ]]; then if [[ "$BootPart" == "@boot" ]]; then
${cmd} btrfs subvolume create /mnt/@boot ${cmd} btrfs subvolume create /mnt/@boot
@ -99,7 +102,7 @@ function unmount_target() {
${cmd} umount /target ${cmd} umount /target
if [[ "$ENCRYPTION" ]]; then if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksClose luksvol ${cmd} cryptsetup luksClose "$ENC_VOL"
fi fi
} }
@ -121,10 +124,14 @@ function prepare_target() {
rootmount="$RootPart" rootmount="$RootPart"
if [[ "$ENCRYPTION" ]]; then if [[ "$ENCRYPTION" ]]; then
rootmount="/dev/mapper/luksvol" rootmount="/dev/mapper/$ENC_VOL"
fi fi
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target ${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target"
exit 101
fi
for subvol in "${!SUBVOLS_DEFAULT[@]}" for subvol in "${!SUBVOLS_DEFAULT[@]}"
do do
@ -139,8 +146,16 @@ function prepare_target() {
else else
${cmd} mount "$BootPart" /target/boot ${cmd} mount "$BootPart" /target/boot
fi fi
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/boot"
exit 102
fi
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@home "$rootmount" /target/home ${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@home "$rootmount" /target/home
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/home"
exit 103
fi
for subvol in "${!SUBVOLS_DEFAULT[@]}" for subvol in "${!SUBVOLS_DEFAULT[@]}"
do do
@ -151,12 +166,20 @@ function prepare_target() {
${cmd} mkdir -p /target/boot/efi ${cmd} mkdir -p /target/boot/efi
fi fi
${cmd} mount "$EFIPart" /target/boot/efi ${cmd} mount "$EFIPart" /target/boot/efi
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/boot/efi"
exit 104
fi
if [[ "$SWAP" ]]; then if [[ "$SWAP" ]]; then
if [[ ! -d "/target/swap" ]]; then if [[ ! -d "/target/swap" ]]; then
${cmd} mkdir -p /target/swap ${cmd} mkdir -p /target/swap
fi fi
${cmd} mount -o noatime,ssd,subvol=@swap "$rootmount" /target/swap ${cmd} mount -o noatime,ssd,subvol=@swap "$rootmount" /target/swap
if [[ "$?" -ne 0 ]]; then
echo "FATAL: Could not mount /target/swap"
exit 105
fi
${cmd} btrfs filesystem mkswapfile --size "$(get_hibernate_size)g" --uuid clear /target/swap/hibernate.swp ${cmd} btrfs filesystem mkswapfile --size "$(get_hibernate_size)g" --uuid clear /target/swap/hibernate.swp
fi fi
@ -184,9 +207,9 @@ function prepare_target() {
${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub ${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub
fi fi
if [[ "$ENCRYPTION" ]]; then #if [[ "$ENCRYPTION" ]]; then
#
fi #fi
} }
function expert_step() { function expert_step() {
@ -309,7 +332,7 @@ function install_cleanup() {
${cmd} umount /target ${cmd} umount /target
if [[ "$ENCRYPTION" ]]; then if [[ "$ENCRYPTION" ]]; then
${cmd} cryptsetup luksClose luksvol ${cmd} cryptsetup luksClose "$ENC_VOL"
fi fi
${cmd} dd if=/dev/zero of="${RootPart}" bs=1024 count=10 ${cmd} dd if=/dev/zero of="${RootPart}" bs=1024 count=10
@ -330,6 +353,7 @@ while [[ $# -gt 0 ]]; do
;; ;;
-e|--encryption) -e|--encryption)
ENCRYPTION=true ENCRYPTION=true
ENC_VOL="$2"
shift shift
;; ;;
-s|--swap) -s|--swap)
@ -366,9 +390,19 @@ if [[ -z "$RootPart" || -z "$BootPart" || -z "$EFIPart" ]]; then
exit 3 exit 3
else else
if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]; then if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]; then
if [[ -z "$ENC_VOL" ]]; then
echo "Encryption volume needs to be set. Reliably determining this is"
echo "best done by human eyes. To find your current volume, you can"
echo "run:"
echo " dmsetup ls --target crypt"
echo "If it's not active for whatever reason, you can open it with:"
echo " cryptsetup luksOpen "$RootPart" <volume_name>"
exit 4
elif [[ "$BootPart" == "@boot" ]]; then
echo "While encryption is enabled, using @boot subvolume will cause issues." echo "While encryption is enabled, using @boot subvolume will cause issues."
echo "Please prepare and set boot volume for /boot while using encryption." echo "Please prepare and set boot volume for /boot while using encryption."
exit 4 exit 5
fi
fi fi
case "$INSTALL_MODE" in case "$INSTALL_MODE" in