From e8e038d1e6bba187fe7ec7a337dc0fea4f296921 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 29 Jul 2016 14:41:00 -0300
Subject: Provision: LUKS and Grub changes
---
 share/config/provision/tpc.conf | 2 +-
 share/hydractl/provision | 45 +++++++++++++++++++++--------------------
 2 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/share/config/provision/tpc.conf b/share/config/provision/tpc.conf
index 602bdfb..b0a6e74 100644
--- a/share/config/provision/tpc.conf
+++ b/share/config/provision/tpc.conf
@@ -10,7 +10,7 @@ var_size="0" # Size of var partition
 encrypt="y" # Encrypt volumes?
 garbage="n" # Pre-fill volumes with garbage?
 disable_zeroing="n" # Disable zeroing of lvm volumes?
-random_swap="y" # Random swap?
+random_swap="n" # Random swap?
 arch="amd64" # System arch
 version="wheezy" # Distro version
 grub="y" # Setup GRUB?
diff --git a/share/hydractl/provision b/share/hydractl/provision
index c7be798..70e52e5 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -51,7 +51,7 @@ function hydra_provision_lvcreate {
 # Cryptsetup wrapper.
 function hydra_cryptsetup {
 if [ ! -z "$1" ] && [ -b "$1" ]; then
- hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1
+ hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1
 fi
 }
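Review bot: In share/config/provision/tpc.conf the default flips to `random_swap="n"` while `encrypt="y"` stays on, and neither the comment nor the commit subject says where swap ends up. If the provision script (not visible here) then creates swap outside the encrypted volume, memory pages would reach the disk unencrypted. I would spell the expectation out in the comment, e.g. `random_swap="n" # Random-key swap? With "n", swap must live inside the encrypted volume`.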
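Review bot: The added `-q` in `hydra_cryptsetup` (share/hydractl/provision) switches off cryptsetup's confirmation prompt for `luksFormat`, so the `[ -b "$1" ]` test is now the only thing between a wrong argument and an overwritten device; `-y` only keeps the passphrase verification. If the callers, which are outside this hunk, do not already have the operator confirm the target, that check belongs here. The wrapper also returns success without doing anything when the test fails, and `$1` is passed unquoted; I would add an `else` branch that reports the error and returns non-zero, and write `luksFormat "$1"`.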
@@ -386,27 +386,6 @@ EOF
 fi
 fi
-# Grub.
-if [ "$grub" == "y" ]; then
- if [ "$encrypt" != "y" ]; then
- echo "Boot device setup..."
- hydra_sudo_run mkfs.ext4 $boot_device
- hydra_sudo_run mount $boot_device $WORK/boot
- echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null
- fi
- echo "Setting up GRUB..."
- $APT_INSTALL grub-pc -y
- if [ "$encrypt" == "y" ]; then
- echo '' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
- echo '# Full Disk Encryption Support' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
- echo 'GRUB_ENABLE_CRYPTODISK=y' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
- hydra_sudo_run chroot $WORK/ update-grub
- hydra_sudo_run chroot $WORK/ grub-install $device
- fi
-fi
-
 # Kernel.
 echo "Installing kernel..."
 cat <<-EOF | $SUDO tee $WORK/etc/initramfs-tools/modules > /dev/null
@@ -435,6 +414,28 @@ $APT_INSTALL linux-image-$kernel_arch -y
 echo "Creating initramfs..."
 hydra_sudo_run chroot $WORK update-initramfs -v -u
+# Grub.
+if [ "$grub" == "y" ]; then
+ if [ "$encrypt" != "y" ]; then
+ echo "Boot device setup..."
+ hydra_sudo_run mkfs.ext4 $boot_device
+ hydra_sudo_run mount $boot_device $WORK/boot
+ echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null
+ fi
+ echo "Setting up GRUB..."
+ $APT_INSTALL grub-pc -y
+ if [ "$encrypt" == "y" ]; then
+ echo '' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ echo '# Full Disk Encryption Support' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ echo 'GRUB_ENABLE_CRYPTODISK=y' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ echo 'GRUB_PRELOAD_MODULES="lvm cryptodisk mdraid1x"' | $SUDO tee -a $WORK/etc/default/grub > /dev/null
+ hydra_sudo_run chroot $WORK/ update-grub
+ hydra_sudo_run chroot $WORK/ grub-install --recheck --force $device
+ fi
+fi
+
 # Utils.
 echo "Installing basic utilities..."
 $APT_INSTALL screen cron lsb-release openssl -y
-- cgit v1.2.3
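Review bot: Moving the whole Grub block below the kernel and initramfs steps also moves its `encrypt != "y"` branch, so `mkfs.ext4 $boot_device` and `mount $boot_device $WORK/boot` now run after `linux-image-$kernel_arch` and `update-initramfs` have presumably already written into `$WORK/boot`; the previous hunk shows the block used to sit above `# Kernel.`. The fresh, empty boot filesystem is then mounted over those files, so unless /boot is populated again outside these hunks the unencrypted path ends with a boot partition that holds no kernel. I would keep the boot-device setup ahead of the kernel section and move only the GRUB package and configuration part down here. Separately, `--force` lets `grub-install` continue past problems it would otherwise stop on; a comment naming the check it is meant to bypass, and quoting `"$device"`, would make that choice reviewable.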