From cdec2e76b4b1af00e10ce3bb72ee74e33d52083b Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Fri, 8 May 2015 17:14:13 +0200
Subject: Make the encrypted installation work with Jessie.
---
 include/partition.sh | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)
(limited to 'include')
diff --git a/include/partition.sh b/include/partition.sh
index 35f259a..02695f5 100755
--- a/include/partition.sh
+++ b/include/partition.sh
@@ -91,9 +91,11 @@ part_swap=
 part_system=
 # Create boot and system partitions
 for d in $device; do
- p=$( fripost_mkpart $d boot 64M )
- part_boot="${part_boot:+$part_boot }$p"
-
+ if [ $encrypt = true ]; then
+ # Don't use a separate partition for /boot if the disk is unencrypted
+ p=$( fripost_mkpart $d boot 256M )
+ part_boot="${part_boot:+$part_boot }$p"
+ fi
 p=$( fripost_mkpart $d swap 1G ) # FIXME
 part_swap="${part_swap:+$part_swap }$p"
 /sbin/parted -s $d align-check opt ${p#$d} \
@@ -111,10 +113,12 @@ done
 if [ ${raidLevel:-} ]; then
 [ -d /dev/md ] || mkdir /dev/md
- devices="$part_boot"
- part_boot=/dev/md/boot
- fripost_mdadm_create "$part_boot" -f -R -l $raidLevel \
- ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices
+ if [ "${part_boot:-}" ]; then
+ devices="$part_boot"
+ part_boot=/dev/md/boot
+ fripost_mdadm_create "$part_boot" -f -R -l $raidLevel \
+ ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices
+ fi
 devices="$part_swap"
 part_swap=/dev/md/swap
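Review bot: The added test `if [ $encrypt = true ]; then` in the partition loop expands `$encrypt` unquoted, so an empty or unset value makes `[` report a usage error instead of evaluating cleanly to false; `if [ "${encrypt:-}" = true ]; then` matches the quoting this commit already uses for `"${part_boot:-}"` in the RAID hunk. Since part_boot now stays empty on unencrypted installs, any later use of `$part_boot` outside the visible hunks (formatting, mounting) needs the same emptiness guard that the RAID hunk adds. The comment would read more directly on the branch it sits in as `# Separate /boot only when the system partition is encrypted`. The for loop's body continues past the end of this hunk.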
@@ -156,10 +160,18 @@ if [ $encrypt = true ]; then
 hash=sha256
 fi
 # Note: XTS requires the key size to be doubled.
- fripost_encrypt $part_system system_crypt \
- --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
- --iter-time 5000 --use-random
- part_system=/dev/mapper/system_crypt
+ fripost_encrypt $part_system luksRoot \
+ --cipher=aes-xts-plain64 --key-size=$(( $keysize * 2 )) --hash=$hash \
+ --iter-time=5000 --use-random
+ part_system=/dev/mapper/luksRoot
+
+ /lib/cryptsetup/scripts/decrypt_derived luksRoot \
+ | cryptsetup luksFormat $part_swap --cipher=aes-xts-plain64 --hash=$hash --key-file=-
+ /lib/cryptsetup/scripts/decrypt_derived luksRoot \
+ | cryptsetup luksOpen $part_swap luksSwap --key-file=-
+
+ fripost_crypttab_addentry luksSwap "$part_swap" luksRoot luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
+ part_swap=/dev/mapper/luksSwap
 fi
--
cgit v1.2.3
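Review bot: The new `cryptsetup luksFormat $part_swap` line passes no `--key-size`, while the root volume just above is formatted with `--key-size=$(( $keysize * 2 ))`, so the swap container falls back to cryptsetup's compiled-in default key size, which may be smaller than the one configured for root even though swap holds paged-out memory. Adding the same option keeps the two aligned: `| cryptsetup luksFormat $part_swap --cipher=aes-xts-plain64 --key-size=$(( $keysize * 2 )) --hash=$hash --key-file=-`. Separately, both pipelines report only cryptsetup's exit status, so a failing decrypt_derived would go unnoticed unless pipefail is enabled somewhere outside this hunk; checking that luksRoot is open before piping, or testing the keyscript's status, would make that failure explicit. The enclosing `if [ $encrypt = true ]` block starts above the hunk.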