diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2014-08-09 14:06:42 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2014-08-09 14:06:42 -0300 |
| commit | aaf8a8e2568e8d06cc15508cb15a6e8a9605ec80 (patch) | |
| tree | a15aca10a1ba6bb598c617d9837ff7f84b75c34c /share | |
| parent | 27a9a9ee7c597ee07a7fb76dd056b61876ba55cc (diff) | |
| download | hydra-aaf8a8e2568e8d06cc15508cb15a6e8a9605ec80.tar.gz hydra-aaf8a8e2568e8d06cc15508cb15a6e8a9605ec80.tar.bz2 | |
Provision: updating cryptsetup parameters
Diffstat (limited to 'share')
| -rwxr-xr-x | share/hydractl/provision | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision index b363809..5fac217 100755 --- a/share/hydractl/provision +++ b/share/hydractl/provision @@ -58,7 +58,7 @@ function hydra_provision_create_volume { if [ "$encrypt" == "y" ]; then echo "Creating encrypted $volume device..." - hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/mapper/$vg-$volume + hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume @@ -284,25 +284,25 @@ echo "# <target name> <source device> <key file> <options>" > /tmp/debootstra if [ "$encrypt" == "y" ]; then cat > /tmp/debootstrap/etc/crypttab <<-EOF -root /dev/mapper/$vg-root none luks,cipher=aes-cbc-essiv:sha256 +root /dev/mapper/$vg-root none luks EOF fi if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then cat >> /tmp/debootstrap/etc/crypttab <<-EOF -home /dev/mapper/$vg-home none luks,cipher=aes-cbc-essiv:sha256 +home /dev/mapper/$vg-home none luks EOF fi if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then cat >> /tmp/debootstrap/etc/crypttab <<-EOF -var /dev/mapper/$vg-var none luks,cipher=aes-cbc-essiv:sha256 +var /dev/mapper/$vg-var none luks EOF fi if [ "$swap" != "0" ]; then cat >> /tmp/debootstrap/etc/crypttab <<-EOF -cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256 +cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256 EOF fi |