From bc706d9745c72c3051117641dc90f22856d5075b Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Fri, 11 Oct 2013 06:15:17 +0200
Subject: Possibility to skip full-disk encryption.

---
 partition.sh | 44 +++++++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 19 deletions(-)

diff --git a/partition.sh b/partition.sh
index 3b12468..78cb55d 100755
--- a/partition.sh
+++ b/partition.sh
@@ -14,6 +14,8 @@ set -ue
 device=/dev/sda
 fripost_wipe $device
 
+db_get fripost-partman/encryption
+encrypt=$RET
 
 # Create a disk label
 /sbin/parted -s $device mklabel gpt
@@ -31,33 +33,37 @@ db_fset grub-installer/bootdev seen true
 
 # Create boot and system partitions
 part_boot=$( fripost_mkpart $device boot 64M )
-part_system=$( fripost_mkpart $device system 100% ) #+lvm
+part_system=$( fripost_mkpart $device system 100% )
 /sbin/parted -s $device align-check opt ${part_system#$device} \
     || fatal "$part_system is not aligned"
 
 
-# Encrypt the system partition. We choose the key length and digest
-# depending on the architecture we're on; we use AES128 and SHA-256 on
-# 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
-arch=$(uname -m)
-if [ x"$arch" = x"x86_64" ]; then
-    keysize=256
-    hash=sha512
-elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then
-    keysize=128
-    hash=sha256
+if [ $encrypt = true ]; then
+    # Encrypt the system partition. We choose the key length and digest
+    # depending on the architecture we're on; we use AES128 and SHA-256
+    # on 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
+    arch=$(uname -m)
+    if [ x"$arch" = x"x86_64" ]; then
+        keysize=256
+        hash=sha512
+    elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then
+        keysize=128
+        hash=sha256
+    fi
+    # Note: XTS requires the key size to be doubled.
+    fripost_encrypt $part_system system_crypt \
+        --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
+        --iter-time 5000 --use-random
+    part_system=/dev/mapper/system_crypt
 fi
-# Note: XTS requires the key size to be doubled.
-fripost_encrypt $part_system system_crypt \
-    --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
-    --iter-time 5000 --use-random
 
 
-# Create logical volumes for /, swap and /home using LVM2
+# Ensure LVM2  is installed in the target chroot; create logical volumes
+# for /, swap and /home.
+apt-install lvm2 || true
 vg=$(hostname)
-apt-install lvm2 || true # LVM need to be installed in the target chroot
-pvcreate -ff -y /dev/mapper/system_crypt
-vgcreate $vg    /dev/mapper/system_crypt
+pvcreate -ff -y $part_system
+vgcreate $vg    $part_system
 
 lvcreate -L 5G       -n root $vg
 lvcreate -L 1G       -n swap $vg
-- 
cgit v1.2.3