Update encryption option further
This commit is contained in:
parent
cb4029b049
commit
e4df308250
1 changed files with 45 additions and 11 deletions
|
@ -50,11 +50,14 @@ function create_subvolumes() {
|
|||
subvols+=("${!SUBVOLS_DEFAULT[@]}")
|
||||
|
||||
if [[ "$ENCRYPTION" ]]; then
|
||||
${cmd} cryptsetup luksOpen "$RootPart" luksvol
|
||||
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/luksvol" /mnt
|
||||
${cmd} mount -o noatime,space_cache=v2,ssd "/dev/mapper/$ENC_VOL" /mnt
|
||||
else
|
||||
${cmd} mount -o noatime,space_cache=v2,ssd "$RootPart" /mnt
|
||||
fi
|
||||
if [[ "$?" -ne 0 ]]; then
|
||||
echo "FATAL: Could not mount /mnt"
|
||||
exit 100
|
||||
fi
|
||||
|
||||
if [[ "$BootPart" == "@boot" ]]; then
|
||||
${cmd} btrfs subvolume create /mnt/@boot
|
||||
|
@ -99,7 +102,7 @@ function unmount_target() {
|
|||
${cmd} umount /target
|
||||
|
||||
if [[ "$ENCRYPTION" ]]; then
|
||||
${cmd} cryptsetup luksClose luksvol
|
||||
${cmd} cryptsetup luksClose "$ENC_VOL"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -121,10 +124,14 @@ function prepare_target() {
|
|||
|
||||
rootmount="$RootPart"
|
||||
if [[ "$ENCRYPTION" ]]; then
|
||||
rootmount="/dev/mapper/luksvol"
|
||||
rootmount="/dev/mapper/$ENC_VOL"
|
||||
fi
|
||||
|
||||
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@ "$rootmount" /target
|
||||
if [[ "$?" -ne 0 ]]; then
|
||||
echo "FATAL: Could not mount /target"
|
||||
exit 101
|
||||
fi
|
||||
|
||||
for subvol in "${!SUBVOLS_DEFAULT[@]}"
|
||||
do
|
||||
|
@ -139,8 +146,16 @@ function prepare_target() {
|
|||
else
|
||||
${cmd} mount "$BootPart" /target/boot
|
||||
fi
|
||||
if [[ "$?" -ne 0 ]]; then
|
||||
echo "FATAL: Could not mount /target/boot"
|
||||
exit 102
|
||||
fi
|
||||
|
||||
${cmd} mount -o noatime,space_cache=v2,ssd,subvol=@home "$rootmount" /target/home
|
||||
if [[ "$?" -ne 0 ]]; then
|
||||
echo "FATAL: Could not mount /target/home"
|
||||
exit 103
|
||||
fi
|
||||
|
||||
for subvol in "${!SUBVOLS_DEFAULT[@]}"
|
||||
do
|
||||
|
@ -151,12 +166,20 @@ function prepare_target() {
|
|||
${cmd} mkdir -p /target/boot/efi
|
||||
fi
|
||||
${cmd} mount "$EFIPart" /target/boot/efi
|
||||
if [[ "$?" -ne 0 ]]; then
|
||||
echo "FATAL: Could not mount /target/boot/efi"
|
||||
exit 104
|
||||
fi
|
||||
|
||||
if [[ "$SWAP" ]]; then
|
||||
if [[ ! -d "/target/swap" ]]; then
|
||||
${cmd} mkdir -p /target/swap
|
||||
fi
|
||||
${cmd} mount -o noatime,ssd,subvol=@swap "$rootmount" /target/swap
|
||||
if [[ "$?" -ne 0 ]]; then
|
||||
echo "FATAL: Could not mount /target/swap"
|
||||
exit 105
|
||||
fi
|
||||
${cmd} btrfs filesystem mkswapfile --size "$(get_hibernate_size)g" --uuid clear /target/swap/hibernate.swp
|
||||
fi
|
||||
|
||||
|
@ -184,9 +207,9 @@ function prepare_target() {
|
|||
${cmd} sed -i "/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/\(\"[^\"]*\)$/ resume=${SwapUUID} resume_offset=${SwapOffset}&/" /target/etc/default/grub
|
||||
fi
|
||||
|
||||
if [[ "$ENCRYPTION" ]]; then
|
||||
|
||||
fi
|
||||
#if [[ "$ENCRYPTION" ]]; then
|
||||
#
|
||||
#fi
|
||||
}
|
||||
|
||||
function expert_step() {
|
||||
|
@ -309,7 +332,7 @@ function install_cleanup() {
|
|||
${cmd} umount /target
|
||||
|
||||
if [[ "$ENCRYPTION" ]]; then
|
||||
${cmd} cryptsetup luksClose luksvol
|
||||
${cmd} cryptsetup luksClose "$ENC_VOL"
|
||||
fi
|
||||
|
||||
${cmd} dd if=/dev/zero of="${RootPart}" bs=1024 count=10
|
||||
|
@ -330,6 +353,7 @@ while [[ $# -gt 0 ]]; do
|
|||
;;
|
||||
-e|--encryption)
|
||||
ENCRYPTION=true
|
||||
ENC_VOL="$2"
|
||||
shift
|
||||
;;
|
||||
-s|--swap)
|
||||
|
@ -366,9 +390,19 @@ if [[ -z "$RootPart" || -z "$BootPart" || -z "$EFIPart" ]]; then
|
|||
exit 3
|
||||
else
|
||||
if [[ "$ENCRYPTION" && "$BootPart" == "@boot" ]]; then
|
||||
if [[ -z "$ENC_VOL" ]]; then
|
||||
echo "Encryption volume needs to be set. Reliably determining this is"
|
||||
echo "best done by human eyes. To find your current volume, you can"
|
||||
echo "run:"
|
||||
echo " dmsetup ls --target crypt"
|
||||
echo "If it's not active for whatever reason, you can open it with:"
|
||||
echo " cryptsetup luksOpen "$RootPart" <volume_name>"
|
||||
exit 4
|
||||
elif [[ "$BootPart" == "@boot" ]]; then
|
||||
echo "While encryption is enabled, using @boot subvolume will cause issues."
|
||||
echo "Please prepare and set boot volume for /boot while using encryption."
|
||||
exit 4
|
||||
exit 5
|
||||
fi
|
||||
fi
|
||||
|
||||
case "$INSTALL_MODE" in
|
||||
|
|
Loading…
Reference in a new issue