Diffstat (limited to 'include')
-rw-r--r--include/.gitignore1
-rwxr-xr-xinclude/partition.sh88
2 files changed, 89 insertions, 0 deletions
diff --git a/include/.gitignore b/include/.gitignore
new file mode 100644
index 0000000..05b023b
--- /dev/null
+++ b/include/.gitignore
@@ -0,0 +1 @@
+authorized_keys
diff --git a/include/partition.sh b/include/partition.sh
new file mode 100755
index 0000000..fb56ce7
--- /dev/null
+++ b/include/partition.sh
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# Simple partitioning shell script.
+#
+# Copyright 2013 Guilhem Moulin <guilhem@fripost.org>
+#
+# Licensed under the GNU GPL version 3 or higher.
+
+set -ue
+
+. /lib/fripost-partman/base.sh
+
+# Wipe the disk
+device=/dev/sda
+fripost_wipe $device
+
+db_get fripost/encrypt
+encrypt=$RET
+
+# Create a disk label
+/sbin/parted -s $device mklabel gpt
+log "Created disklabel GPT for device $device"
+
+# Create a EFI partition if needed; otherwise, create a partition needed
+# to put GRUB on GPT disklabels.
+if [ -d /proc/efi -o -d /sys/firmware/efi ]; then
+ part_efi=$( fripost_mkpart $device efi 256M +boot )
+else
+ fripost_mkpart $device bios_grub 8M +bios_grub
+fi
+db_set grub-installer/bootdev $device
+db_fset grub-installer/bootdev seen true
+
+# Create boot and system partitions
+part_boot=$( fripost_mkpart $device boot 64M )
+part_system=$( fripost_mkpart $device system 100% )
+/sbin/parted -s $device align-check opt ${part_system#$device} \
+ || fatal "$part_system is not aligned"
+
+
+if [ $encrypt = true ]; then
+ # Encrypt the system partition. We choose the key length and digest
+ # depending on the architecture we're on; we use AES128 and SHA-256
+ # on 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
+ arch=$(uname -m)
+ if [ "$arch" = x86_64 ]; then
+ keysize=256
+ hash=sha512
+ elif [ "$arch" = i386 -o "$arch" = i686 ]; then
+ keysize=128
+ hash=sha256
+ fi
+ # Note: XTS requires the key size to be doubled.
+ fripost_encrypt $part_system system_crypt \
+ --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
+ --iter-time 5000 --use-random
+ part_system=/dev/mapper/system_crypt
+fi
+
+
+# Ensure LVM2 is installed in the target chroot; create logical volumes
+# for /, swap and /home.
+apt-install lvm2 || true
+vg=$(hostname)
+pvcreate -ff -y $part_system
+vgcreate $vg $part_system
+
+lvcreate -L 5G -n root $vg
+lvcreate -L 1G -n swap $vg
+lvcreate -l 100%FREE -n home $vg
+vgchange -ay $vg
+
+
+# Format the partitions
+fripost_mkfs ext2 $part_boot -E resize=512M -m1 -b 4096
+fripost_mkfs ext4 /dev/$vg/root -b 4096
+fripost_mkfs ext4 /dev/$vg/home -b 4096
+mkswap /dev/$vg/swap
+
+
+# Stuff the fstab and mount the devices in the target
+fripost_fstab $part_boot /boot ext2 noatime
+fripost_fstab /dev/$vg/root / ext4 noatime,errors=remount-ro
+fripost_fstab /dev/$vg/swap none swap sw
+fripost_fstab /dev/$vg/home /home ext4 noatime
+fripost_mount_partitions
+
+# TODO: EFI: format, add to fstab, how to populate?
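Review bot: The decision to encrypt fails open at `if [ $encrypt = true ]`: the expansion is unquoted, so an empty `$RET` turns the test into an error that `if` reads as false, and any value other than `true` is also taken as "no", leaving the system partition unencrypted with nothing logged. A guard right after `db_get`, such as `case "$encrypt" in true|false) ;; *) fatal "unexpected fripost/encrypt value: $encrypt" ;; esac`, together with `[ "$encrypt" = true ]`, would stop the install in that case instead. The `arch` chain inside the same branch has no `else`, so on anything other than x86_64/i386/i686 `keysize` and `hash` stay unset and `set -u` aborts at `$(( $keysize * 2 ))`, after `fripost_wipe` and `mklabel gpt` have already run on the device. An `else fatal "unsupported architecture: $arch"` would give a clear message, ideally checked before the wipe. What `db_get` can return is defined in base.sh, outside this diff, so the empty-value case should be confirmed there.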