authorSilvio Rhatto <rhatto@riseup.net>2016-07-29 14:41:00 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-07-29 14:41:00 -0300
commite8e038d1e6bba187fe7ec7a337dc0fea4f296921 (patch)
treed1c266eb06acbd4ad474aa6738a65cbd279be5b1
parent31677b3cfe55060f816ea68ab757388ef6ecd5fd (diff)
downloadhydra-e8e038d1e6bba187fe7ec7a337dc0fea4f296921.tar.gz
hydra-e8e038d1e6bba187fe7ec7a337dc0fea4f296921.tar.bz2
Provision: LUKS and Grub changes
-rw-r--r--share/config/provision/tpc.conf2
-rwxr-xr-xshare/hydractl/provision45
2 files changed, 24 insertions, 23 deletions
diff --git a/share/config/provision/tpc.conf b/share/config/provision/tpc.conf
index 602bdfb..b0a6e74 100644
--- a/share/config/provision/tpc.conf
+++ b/share/config/provision/tpc.conf
@@ -10,7 +10,7 @@ var_size="0" # Size of var partition
encrypt="y" # Encrypt volumes?
garbage="n" # Pre-fill volumes with garbage?
disable_zeroing="n" # Disable zeroing of lvm volumes?
-random_swap="y" # Random swap?
+random_swap="n" # Random swap?
arch="amd64" # System arch
version="wheezy" # Distro version
grub="y" # Setup GRUB?
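Review bot: The inline comment `# Random swap?` on the changed line does not say what `random_swap="n"` means for swap confidentiality, which matters in a profile that keeps `encrypt="y"`. The name suggests swap keyed with a throwaway key at each boot, but the code that reads this variable is not in the diff, so it is unclear whether "n" puts swap inside the LUKS volume or leaves it on a plain partition. I would expand the comment, for example `random_swap="n" # Random-key swap? ("n": swap is a regular volume; confirm it sits inside the encrypted container)`.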
diff --git a/share/hydractl/provision b/share/hydractl/provision
index c7be798..70e52e5 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -51,7 +51,7 @@ function hydra_provision_lvcreate {
# Cryptsetup wrapper.
function hydra_cryptsetup {
if [ ! -z "$1" ] && [ -b "$1" ]; then
- hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1
+ hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1
fi
}
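Review bot: Adding `-q` removes cryptsetup's interactive confirmation before luksFormat, which leaves the `[ -b "$1" ]` test in `hydra_cryptsetup` as the only guard before a block device is overwritten, and `$1` is still expanded unquoted on the new line. Quote it: `... --use-random -y -q luksFormat "$1"`. The function also returns success without doing anything when the argument is empty or not a block device, so a caller (not visible in this hunk) may carry on as if the volume had been encrypted. An `else` branch such as `echo "hydra_cryptsetup: not a block device: $1" >&2; return 1` would make that failure visible.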
@@ -386,27 +386,6 @@ EOF
fi
fi
-# Grub.
-if [ "$grub" == "y" ]; then
- if [ "$encrypt" != "y" ]; then
- echo "Boot device setup..."
- hydra_sudo_run mkfs.ext4 $boot_device
- hydra_sudo_run mount $boot_device $WORK/boot
- echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null
- fi
-
- echo "Setting up GRUB..."
- $APT_INSTALL grub-pc -y
-
- if [ "$encrypt" == "y" ]; then
- echo '' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
- echo '# Full Disk Encryption Support' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
- echo 'GRUB_ENABLE_CRYPTODISK=y' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
- hydra_sudo_run chroot $WORK/ update-grub
- hydra_sudo_run chroot $WORK/ grub-install $device
- fi
-fi
-
# Kernel.
echo "Installing kernel..."
cat <<-EOF | $SUDO tee $WORK/etc/initramfs-tools/modules > /dev/null
@@ -435,6 +414,28 @@ $APT_INSTALL linux-image-$kernel_arch -y
echo "Creating initramfs..."
hydra_sudo_run chroot $WORK update-initramfs -v -u
+# Grub.
+if [ "$grub" == "y" ]; then
+ if [ "$encrypt" != "y" ]; then
+ echo "Boot device setup..."
+ hydra_sudo_run mkfs.ext4 $boot_device
+ hydra_sudo_run mount $boot_device $WORK/boot
+ echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null
+ fi
+
+ echo "Setting up GRUB..."
+ $APT_INSTALL grub-pc -y
+
+ if [ "$encrypt" == "y" ]; then
+ echo '' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ echo '# Full Disk Encryption Support' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ echo 'GRUB_ENABLE_CRYPTODISK=y' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ echo 'GRUB_PRELOAD_MODULES="lvm cryptodisk mdraid1x"' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ hydra_sudo_run chroot $WORK/ update-grub
+ hydra_sudo_run chroot $WORK/ grub-install --recheck --force $device
+ fi
+fi
+
# Utils.
echo "Installing basic utilities..."
$APT_INSTALL screen cron lsb-release openssl -y
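Review bot: The fstab line in the unencrypted branch writes `$reboot_device`, while the two lines above it format and mount `$boot_device`; unless `reboot_device` is set somewhere outside this hunk, the entry gets an empty device field and /boot will not mount at boot. It looks like it should read `echo "$boot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null`. The block was moved from its earlier position with this line unchanged, so the typo predates the commit, but it is still on the new side. Separately, `grub-install --recheck --force $device` tells grub-install to continue past problems it detects, so a degraded bootloader install on the encrypted layout will not stop provisioning. I would drop `--force` unless a specific warning is known to require it, and quote `"$device"`.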