From 776eebfdccaf528a1421a2906c623ca5e7872a12 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 7 Jul 2016 14:38:20 -0300
Subject: Initial code for Full Disk Encryption
---
 share/hydractl/provision | 47 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 13 deletions(-)
(limited to 'share')
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 0c57e49..35021c9 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -142,16 +142,27 @@ fi
 # Disk partitioning.
 hydra_sudo_run parted -s -- $device mklabel gpt
 hydra_sudo_run parted -s -- $device unit MB mkpart non-fs 2 3
-hydra_sudo_run parted -s -- $device unit MB mkpart ext2 3 200
-hydra_sudo_run parted -s -- $device unit MB mkpart ext2 200 -1
 hydra_sudo_run parted -s -- $device set 1 bios_grub on
-hydra_sudo_run parted -s -- $device set 2 boot on
-hydra_sudo_run parted -s -- $device set 3 lvm on
-# Use absolute paths for devices.
-boot_device="$device"2
-syst_device="$device"3
-reboot_device="`blkid | grep ^$boot_device: | cut -d ' ' -f 2 | sed -e 's/"//g'`"
+if [ "$encrypt" == "y" ]; then
+ hydra_sudo_run parted -s -- $device unit MB mkpart ext2 3 -1
+ hydra_sudo_run parted -s -- $device set 2 lvm on
+
+ boot_device="$device"2
+ syst_device="$device"2
+else
+ hydra_sudo_run parted -s -- $device unit MB mkpart ext2 3 200
+ hydra_sudo_run parted -s -- $device unit MB mkpart ext2 200 -1
+ hydra_sudo_run parted -s -- $device set 3 lvm on
+
+ boot_device="$device"2
+ syst_device="$device"3
+
+ # Use absolute path
+ reboot_device="`blkid | grep ^$boot_device: | cut -d ' ' -f 2 | sed -e 's/"//g'`"
+fi
+
+hydra_sudo_run parted -s -- $device set 2 boot on
 # Create volumes.
 echo "Creating the needed disk volumes..."
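Review bot: In the `encrypt` branch of the `@@ -142,16 +142,27 @@` hunk, partition 2 receives `set 2 lvm on` and then, after the `fi`, the unconditional `set 2 boot on`. On a GPT label parted keeps both of these flags in the partition type, so the later `boot` flag is expected to replace `lvm` and leave the encrypted partition typed as an EFI system partition; this is worth confirming with `parted print` on a test disk. Moving `hydra_sudo_run parted -s -- $device set 2 boot on` into the `else` branch would keep the unencrypted layout as before and leave the encrypted partition's type alone. Separately, `reboot_device` is now assigned only in the `else` branch, so any use of it outside an `encrypt != y` guard would expand to an empty string.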
@@ -374,13 +385,23 @@ fi
 # Grub.
 if [ "$grub" == "y" ]; then
- echo "Boot device setup..."
- hydra_sudo_run mkfs.ext4 $boot_device
- hydra_sudo_run mount $boot_device $WORK/boot
- echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null
+ if [ "$encrypt" != "y" ]; then
+ echo "Boot device setup..."
+ hydra_sudo_run mkfs.ext4 $boot_device
+ hydra_sudo_run mount $boot_device $WORK/boot
+ echo "$reboot_device /boot ext4 defaults,errors=remount-ro 0 2" | $SUDO tee -a $WORK/etc/fstab > /dev/null
+ fi
 echo "Setting up GRUB..."
 hydra_sudo_run chroot $WORK/ apt-get install grub-pc -y
+
+ if [ "$encrypt" == "y" ]; then
+ echo '' >> $WORK/etc/default/grub
+ echo '# Full Disk Encryption Support' >> $WORK/etc/default/grub
+ echo 'GRUB_ENABLE_CRYPTODISK=y' >> $WORK/etc/default/grub
+ hydra_sudo_run chroot $WORK/ update-grub
+ hydra_sudo_run chroot $WORK/ grub-install $device
+ fi
 fi
 # Kernel.
@@ -441,5 +462,5 @@ Now proceeed with final steps:
 - Review fstab, crypttab and optional GRUB configuration.
 - Rename volume group $vg if needed, updating fstab and crypttab accordingly.
-See http://padrao.sarava.org/install for more information.
+See https://padrao.fluxo.info/install for more information.
 EOF
--
cgit v1.2.3
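Review bot: The three `echo ... >> $WORK/etc/default/grub` appends in the new `encrypt` branch of the `# Grub.` hunk are performed by the calling shell rather than through `$SUDO`, unlike the fstab append in the same hunk, which pipes into `$SUDO tee -a`. If the script is run unprivileged, as the `hydra_sudo_run` wrappers suggest, the redirections fail and `GRUB_ENABLE_CRYPTODISK=y` is never written, yet `update-grub` and `grub-install` still run against a system whose /boot presumably sits inside the encrypted volume. The same pattern as the fstab line would fix this: `printf '\n# Full Disk Encryption Support\nGRUB_ENABLE_CRYPTODISK=y\n' | $SUDO tee -a $WORK/etc/default/grub > /dev/null`. Checking first that the setting is not already present would also keep a re-run from appending it twice.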