-rwxr-xr-x | partition.sh | 114 |
1 files changed, 28 insertions, 86 deletions
diff --git a/partition.sh b/partition.sh index 1618aec..1a33e02 100755 --- a/partition.sh +++ b/partition.sh @@ -4,41 +4,19 @@ set -ue . /lib/fripost-partman/base.sh -dev=/dev/sda -fripost_wipe $dev +device=/dev/sda +fripost_wipe $device -grain=$(( 256*32 )) -offset=`cat /sys/block/${dev#/dev/}/alignment_offset` -bs=`cat /sys/block/${dev#/dev/}/queue/physical_block_size` +/sbin/parted -s $device mklabel gpt +log "Created disklabel GPT for device $device" -if [ $offset -eq 0 ]; then - offset=64 -else - offset=$(( $offset / $bs )) -fi +[ -d /proc/efi -o -d /sys/firmware/efi ] && \ + part_uefi=$( fripost_mkpart $device uefi 256M +boot ) -parted -sm $dev mklabel gpt -# All offset2's must be multiple of 256*32 = 8192 -if [ -d /proc/efi ] || [ -d /sys/firmware/efi ]; then - offset2=$(( 256 * 1024**2 / $bs )) - offset2=$(( $offset2 - $offset2 % $grain )) - parted -a minimal -sm $dev mkpart uefi ${offset}s $(( $offset2 - 1 ))s - offset=$offset2 - offset2=$(( $offset + 64 * 1024**2 / $bs )) - offset2=$(( $offset2 - $offset2 % $grain )) - parted -a minimal -sm $dev mkpart boot ${offset}s $(( $offset2 - 1))s - parted -sm $dev set 1 boot on -else - offset2=$(( 64 * 1024**2 / $bs )) - parted -a minimal -sm $dev mkpart boot ${offset}s $(( $offset2 - 1))s -fi -offset=$offset2 -offset2=$(( `cat /sys/block/${dev#/dev/}/size` - 1 )) -offset2=$(( $offset2 - $offset2 % $grain )) -parted -a optimal -sm $dev mkpart system ${offset}s $(( $offset2 - 1))s -system=${dev}$(parted -sm $dev p | grep -m 1 '^[1-9][0-9]*:.*:system:[^:]*;$' | sed 's/:.*//') -parted -sm $dev align-check opt ${system#$dev} -#parted -sm $dev set ${system#$dev} lvm on +part_boot=$( fripost_mkpart $device boot 64M ) +part_system=$( fripost_mkpart $device system 100% ) #+lvm +/sbin/parted -s $device align-check opt ${part_system#$device} \ + || fatal "$part_system is not aligned" # Choose the key length and digest depending on the architecture # we're on; we use AES128 and SHA-256 on 32-bits platforms, and 
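Review bot: `part_uefi` is assigned only when the EFI test succeeds, so on a BIOS machine it stays unset, and with the `set -ue` shown in the hunk header any later expansion of `$part_uefi` would abort the script; initialising it with `part_uefi=` before the test avoids that. The test also uses `-o` inside `[`, which POSIX marks obsolescent, whereas the removed code's `[ -d /proc/efi ] || [ -d /sys/firmware/efi ]` form is unambiguous and could be kept. Separately, `${part_system#$device}` yields a bare partition number only for names shaped like `/dev/sda3`; for devices whose partitions carry a `p` separator the `align-check` argument would be wrong. While `device` is hard-coded that is worth a comment such as `# assumes partition nodes are named ${device}N`. Quoting `"$device"` in the `parted` and `fripost_mkpart` calls would also be safer for a script that wipes a disk.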
@@ -52,67 +30,31 @@ elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then hash=sha256 fi # Note: XTS requires the key size to be doubled. -fripost_encrypt $system system_crypt \ - --align-payload $grain \ +fripost_encrypt $part_system system_crypt \ --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \ --iter-time 5000 --use-random +vg=$(hostname) pvcreate -ff -y /dev/mapper/system_crypt -vgcreate eilift /dev/mapper/system_crypt - -lvcreate -L 5G -n root eilift -lvcreate -L 1G -n swap eilift -lvcreate -l 100%FREE -n home eilift -vgchange -ay eilift - -mkfs.ext2 /dev/sda1 -mkfs.ext4 /dev/eilift/root -mkfs.ext4 /dev/eilift/home - -mkdir -p /target/proc -mkdir -p /target/cdrom +vgcreate $vg /dev/mapper/system_crypt -cat > /tmp/fstab <<EOF -# /etc/fstab: static file system information. -# -# <file system> <mount point> <type> <options> <dump> <pass> -proc /proc proc defaults 0 0 -# TODO: ^ is that needed? -/dev/cdrom /cdrom iso9660,udf ro,user,noauto 0 0 -# TODO: ^ remove -EOF -mkdir -p /target/ -mount -t ext4 /dev/eilift/root /target/ -echo /dev/eilift/root / ext4 noatime,errors=remount-ro 0 1 >> /tmp/fstab -mkdir -p /target/home -mount -t ext4 /dev/eilift/home /target/home/ -echo /dev/eilift/home /home/ ext4 noatime 0 2 >> /tmp/fstab -mkdir -p /target/boot -mount -t ext2 /dev/sda1 /target/boot/ -echo /dev/sda1 /boot/ ext2 noatime 0 2 >> /tmp/fstab +lvcreate -L 5G -n root $vg +lvcreate -L 1G -n swap $vg +lvcreate -l 100%FREE -n home $vg +vgchange -ay $vg -mkswap /dev/eilift/swap -swapon /dev/eilift/swap -echo "/dev/eilift/swap none swap sw 0 0" >> /tmp/fstab -mkdir -p /target/etc -cp /tmp/fstab /target/etc/fstab +# Format the partitions +mkfs.ext2 -q -E resize=512M -m1 -b 4096 $part_boot +mkfs.ext4 -q -b 4096 /dev/$vg/root +mkfs.ext4 -q -b 4096 /dev/$vg/home +mkswap /dev/$vg/swap -# functions: -# parted -# - aligned ([+]256MB) -# cryptsetup ... -# - set up SSH daemon -# - /sbin/cryptsetup -q ... 
--key-file="$keyfile" luksFormat $system -# - /sbin/cryptsetup -q --key-file="$keyfile" luksOpen $system system_crypt -# pvcreate -# vgcreate -# vgchange -# mkfs -t type [fs-options] device -# mount -t vfstype [-o options] device dir -# - create mountpoint -# - add entry to fstab -# - mount -#+ logs! +# Stuff the fstab and mount the devices in the target +fripost_fstab $part_boot /boot ext2 noatime +fripost_fstab /dev/$vg/root / ext4 noatime,errors=remount-ro +fripost_fstab /dev/$vg/swap none swap sw +fripost_fstab /dev/$vg/home /home ext4 noatime +fripost_mount_partitions |
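Review bot: `vg=$(hostname)` is used unvalidated as the volume-group name and in every `/dev/$vg/...` path, so an empty or unusual hostname in the installer environment changes how `vgcreate $vg /dev/mapper/system_crypt` reads its arguments, or makes it fail only after the LUKS container has already been formatted. A guard right after the assignment, e.g. `[ -n "$vg" ] || fatal "hostname is empty, cannot name the volume group"`, keeps the failure early and explicit. Quoting `"$vg"` in the `vgcreate`, `lvcreate`, `mkfs` and `fripost_fstab` calls would complete it. A one-line comment on why the VG is named after the host would also help, since the name is passed on to `fripost_fstab` for the root, swap and home entries.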