author | Silvio Rhatto <rhatto@riseup.net> | 2014-08-15 01:12:17 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2014-08-15 01:12:17 -0300 |
commit | 9b434226c6115c6998a0e50453be50671fe7ef1d (patch) | |
tree | 9ff5f6890eb6988d215ac70b404738e122708fe2 | |
parent | 5f4c5a3cb39b9e91fdaf2c7601fd574f73099ec1 (diff) | |
download | hydra-9b434226c6115c6998a0e50453be50671fe7ef1d.tar.gz hydra-9b434226c6115c6998a0e50453be50671fe7ef1d.tar.bz2 |
Changing partition layout and adding random_swap config parameter
-rwxr-xr-x | share/hydractl/provision | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 5a06c20..95e67b9 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -48,6 +48,13 @@ function hydra_provision_lvcreate {
 fi
 }
+# Cryptsetup wrapper.
+function hydra_cryptsetup {
+ if [ ! -z "$1" ] && [ -b "$1" ]; then
+ hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1
+ fi
+}
+
 # Create a physical volume.
 function hydra_provision_create_volume {
 local volume="$1"
@@ -58,7 +65,7 @@ function hydra_provision_create_volume {
 if [ "$encrypt" == "y" ]; then
 echo "Creating encrypted $volume device..."
- hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume
+ hydra_cryptsetup /dev/mapper/$vg-$volume
 hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
 hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
@@ -93,6 +100,7 @@ function hydra_provision_config {
 hydra_user_config var_size 20G "Size of var partition (0 to not create it, -1 for all free space)"
 hydra_user_config encrypt y "Encrypt volumes? (y/n)"
 hydra_user_config garbage y "Pre-fill volumes with garbage? (y/n)"
+ hydra_user_config random_swap y "Random swap? (y/n)"
 hydra_user_config disable_zeroing n "Disable zeroing of lvm volumes? (y/n)"
 hydra_user_config hostname machine "Hostname"
 hydra_user_config domain example.org "Domain"
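Review bot: `hydra_cryptsetup` returns success without doing anything when `$1` is empty or is not a block device, so a caller cannot tell a skipped format from a completed one. In this commit the swap path calls `hydra_cryptsetup $swap_device` and then runs `mkswap` unconditionally, and `hydra_provision_create_volume` goes straight on to `luksOpen`. I would add an `else` branch that reports the bad argument on stderr and returns non-zero, e.g. `echo "hydra_cryptsetup: not a block device: $1" >&2; return 1`, and quote the argument as `luksFormat "$1"`. Whether `hydra_safe_run` itself aborts on a failed command is not visible in this hunk.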
@@ -132,19 +140,18 @@ fi
 # Disk partitioning.
 if [ "$swap" != "0" ]; then
- boot_end=$(($swap_size + 200))
 hydra_safe_run parted -s -- $device mklabel gpt
 hydra_safe_run parted -s -- $device unit MB mkpart non-fs 2 3
- hydra_safe_run parted -s -- $device unit MB mkpart linux-swap 3 $swap_size
- hydra_safe_run parted -s -- $device unit MB mkpart ext2 $swap_size $boot_end
- hydra_safe_run parted -s -- $device unit MB mkpart ext2 $boot_end -1
+ hydra_safe_run parted -s -- $device unit MB mkpart ext2 3 200
+ hydra_safe_run parted -s -- $device unit MB mkpart linux-swap 200 $swap_size
+ hydra_safe_run parted -s -- $device unit MB mkpart ext2 $swap_size -1
 hydra_safe_run parted -s -- $device set 1 bios_grub on
 hydra_safe_run parted -s -- $device set 3 boot on
 hydra_safe_run parted -s -- $device set 4 lvm on
 # Change devices to absolute path names.
- swap_device="$device"2
- boot_device="$device"3
+ boot_device="$device"2
+ swap_device="$device"3
 syst_device="$device"4
 else
 hydra_safe_run parted -s -- $device mklabel gpt
@@ -213,6 +220,12 @@ for folder in proc dev home var boot sys; do
 umount /tmp/debootstrap/$folder &> /dev/null
 done
+# Create swap fs.
+if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then
+ hydra_cryptsetup $swap_device
+ hydra_safe_run mkswap $swap_device
+fi
+
 # Create root fs
 hydra_provision_create_volume root
@@ -303,9 +316,15 @@ var /dev/mapper/$vg-var none luks
 EOF
 fi
-if [ "$swap" != "0" ]; then
+if [ "$swap" != "0" ] && [ "$random_swap" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+cswap $swap_device none luks,swap
+EOF
+fi
+
+if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-cswap $swap_device /dev/random luks,swap
+cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256
 EOF
 fi |
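Review bot: `hydra_safe_run parted -s -- $device set 3 boot on` was left unchanged, but after the reorder partition 3 is the swap partition and partition 2 is the boot partition (`boot_device="$device"2`), so the boot flag now lands on swap; it should become `set 2 boot on`. The swap partition also now runs from 200 to `$swap_size`, which makes it 200 MB smaller than configured and gives an invalid range for values of 200 or less; `mkpart linux-swap 200 $((swap_size + 200))`, with the following partition starting at the same offset, would keep the configured size. The `if` block continues past the end of the hunk.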
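Review bot: The `random_swap` test looks inverted in this hunk and in the last one. Here the swap device is passed to `luksFormat` when `random_swap` is not `y`, but the crypttab entry written for that same case uses a `/dev/random` key in plain mode, which never reads a LUKS header; the `random_swap == "y"` case gets `cswap $swap_device none luks,swap` for a device that was never formatted as LUKS. In addition `hydra_safe_run mkswap $swap_device` writes the swap signature to the raw partition rather than to an opened mapping, on top of the container that was just created. If random-key swap is the intent for `y`, no format step is needed at provision time: drop this block and exchange the two conditions on the crypttab entries.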
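Review bot: The new plain-mode entry `cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256` sets no `size=` option, so the key length is whatever the crypttab default is rather than the 512 bits that `hydra_cryptsetup` passes to `luksFormat`; XTS splits the key in two, so a 256-bit default would mean AES-128. Consider `swap,cipher=aes-xts-plain64,size=512`, and check whether the `:sha256` suffix, which looks like an ESSIV option, has any effect with `plain64`. The crypttab heredoc for the other volumes starts above the hunk.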