authorGuilhem Moulin <guilhem@fripost.org>2013-10-11 06:15:17 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 04:27:37 +0200
commitbc706d9745c72c3051117641dc90f22856d5075b (patch)
tree8ac4f386dbbd36de185c881bf24e52de401789db
parent051d164d5b213ef1dfaebc5f54fffa858f04dae5 (diff)
Possibility to skip full-disk encryption.
-rwxr-xr-xpartition.sh44
1 files changed, 25 insertions, 19 deletions
diff --git a/partition.sh b/partition.sh
index 3b12468..78cb55d 100755
--- a/partition.sh
+++ b/partition.sh
@@ -14,6 +14,8 @@ set -ue
device=/dev/sda
fripost_wipe $device
+db_get fripost-partman/encryption
+encrypt=$RET
# Create a disk label
/sbin/parted -s $device mklabel gpt
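Review bot: The value read into `encrypt` here is never validated, and the second hunk tests it unquoted with `[ $encrypt = true ]`, so the installer fails open. If `fripost-partman/encryption` comes back empty, the test becomes `[ = true ]`, which returns a non-zero status inside `if` (where `set -e` does not apply). Any value other than the exact string `true` (for example `yes` or `True`) also skips encryption. In both cases LVM is created directly on the unencrypted partition with no diagnostic. I would validate right after the read, e.g. `case "$encrypt" in true|false) ;; *) fatal "invalid fripost-partman/encryption: '$encrypt'" ;; esac`, and quote the test as `if [ "$encrypt" = true ]; then`.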
@@ -31,33 +33,37 @@ db_fset grub-installer/bootdev seen true
# Create boot and system partitions
part_boot=$( fripost_mkpart $device boot 64M )
-part_system=$( fripost_mkpart $device system 100% ) #+lvm
+part_system=$( fripost_mkpart $device system 100% )
/sbin/parted -s $device align-check opt ${part_system#$device} \
|| fatal "$part_system is not aligned"
-# Encrypt the system partition. We choose the key length and digest
-# depending on the architecture we're on; we use AES128 and SHA-256 on
-# 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
-arch=$(uname -m)
-if [ x"$arch" = x"x86_64" ]; then
- keysize=256
- hash=sha512
-elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then
- keysize=128
- hash=sha256
+if [ $encrypt = true ]; then
+ # Encrypt the system partition. We choose the key length and digest
+ # depending on the architecture we're on; we use AES128 and SHA-256
+ # on 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
+ arch=$(uname -m)
+ if [ x"$arch" = x"x86_64" ]; then
+ keysize=256
+ hash=sha512
+ elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then
+ keysize=128
+ hash=sha256
+ fi
+ # Note: XTS requires the key size to be doubled.
+ fripost_encrypt $part_system system_crypt \
+ --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
+ --iter-time 5000 --use-random
+ part_system=/dev/mapper/system_crypt
fi
-# Note: XTS requires the key size to be doubled.
-fripost_encrypt $part_system system_crypt \
- --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
- --iter-time 5000 --use-random
-# Create logical volumes for /, swap and /home using LVM2
+# Ensure LVM2 is installed in the target chroot; create logical volumes
+# for /, swap and /home.
+apt-install lvm2 || true
vg=$(hostname)
-apt-install lvm2 || true # LVM need to be installed in the target chroot
-pvcreate -ff -y /dev/mapper/system_crypt
-vgcreate $vg /dev/mapper/system_crypt
+pvcreate -ff -y $part_system
+vgcreate $vg $part_system
lvcreate -L 5G -n root $vg
lvcreate -L 1G -n swap $vg
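Review bot: The architecture test inside the new `if [ $encrypt = true ]` block has no `else` branch, so on any `uname -m` value other than `x86_64`, `i386` or `i686` both `keysize` and `hash` stay unset. With `set -ue` in effect the script then aborts at `$(( $keysize * 2 ))` with an unbound-variable error rather than a message naming the cause. Adding `else fatal "unsupported architecture: $arch"` before the inner `fi` would make the failure explicit and keep the cipher parameters from ever being derived from leftover environment values.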