From e596091daf51443248a0cb427832be62552eaf27 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 28 Oct 2013 19:50:41 +0100
Subject: Reorganization. Move preseed-related stuff in ./preseed/, and vm-related stuff in ./virtualenv/.
---
include/.gitignore | 1 +
include/partition.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+)
create mode 100644 include/.gitignore
create mode 100755 include/partition.sh
(limited to 'include')
diff --git a/include/.gitignore b/include/.gitignore
new file mode 100644
index 0000000..05b023b
--- /dev/null
+++ b/include/.gitignore
@@ -0,0 +1 @@
+authorized_keys
diff --git a/include/partition.sh b/include/partition.sh
new file mode 100755
index 0000000..fb56ce7
--- /dev/null
+++ b/include/partition.sh
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# Simple partitioning shell script.
+#
+# Copyright 2013 Guilhem Moulin
+#
+# Licensed under the GNU GPL version 3 or higher.
+
+set -ue
+
+. /lib/fripost-partman/base.sh
+
+# Wipe the disk
+device=/dev/sda
+fripost_wipe $device
+
+db_get fripost/encrypt
+encrypt=$RET
+
+# Create a disk label
+/sbin/parted -s $device mklabel gpt
+log "Created disklabel GPT for device $device"
+
+# Create a EFI partition if needed; otherwise, create a partition needed
+# to put GRUB on GPT disklabels.
+if [ -d /proc/efi -o -d /sys/firmware/efi ]; then
+ part_efi=$( fripost_mkpart $device efi 256M +boot )
+else
+ fripost_mkpart $device bios_grub 8M +bios_grub
+fi
+db_set grub-installer/bootdev $device
+db_fset grub-installer/bootdev seen true
+
+# Create boot and system partitions
+part_boot=$( fripost_mkpart $device boot 64M )
+part_system=$( fripost_mkpart $device system 100% )
+/sbin/parted -s $device align-check opt ${part_system#$device} \
+ || fatal "$part_system is not aligned"
+
+
+if [ $encrypt = true ]; then
+ # Encrypt the system partition. We choose the key length and digest
+ # depending on the architecture we're on; we use AES128 and SHA-256
+ # on 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
+ arch=$(uname -m)
+ if [ "$arch" = x86_64 ]; then
+ keysize=256
+ hash=sha512
+ elif [ "$arch" = i386 -o "$arch" = i686 ]; then
+ keysize=128
+ hash=sha256
+ fi
+ # Note: XTS requires the key size to be doubled.
+ fripost_encrypt $part_system system_crypt \
+ --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
+ --iter-time 5000 --use-random
+ part_system=/dev/mapper/system_crypt
+fi
+
+
+# Ensure LVM2 is installed in the target chroot; create logical volumes
+# for /, swap and /home.
+apt-install lvm2 || true
+vg=$(hostname)
+pvcreate -ff -y $part_system
+vgcreate $vg $part_system
+
+lvcreate -L 5G -n root $vg
+lvcreate -L 1G -n swap $vg
+lvcreate -l 100%FREE -n home $vg
+vgchange -ay $vg
+
+
+# Format the partitions
+fripost_mkfs ext2 $part_boot -E resize=512M -m1 -b 4096
+fripost_mkfs ext4 /dev/$vg/root -b 4096
+fripost_mkfs ext4 /dev/$vg/home -b 4096
+mkswap /dev/$vg/swap
+
+
+# Stuff the fstab and mount the devices in the target
+fripost_fstab $part_boot /boot ext2 noatime
+fripost_fstab /dev/$vg/root / ext4 noatime,errors=remount-ro
+fripost_fstab /dev/$vg/swap none swap sw
+fripost_fstab /dev/$vg/home /home ext4 noatime
+fripost_mount_partitions
+
+# TODO: EFI: format, add to fstab, how to populate?
-- cgit v1.2.3
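Review bot: The `if [ $encrypt = true ]` test fails open. With `$encrypt` unquoted, an empty or multi-word `fripost/encrypt` answer makes `[` exit with an error, which `if` treats as false even under `set -e`, so the install carries on with an unencrypted system partition and no log line. Assuming the template is a boolean, quote the variable and reject anything else before the branch, e.g. `case "$encrypt" in true|false) ;; *) fatal "unexpected fripost/encrypt value: '$encrypt'" ;; esac` followed by `if [ "$encrypt" = true ]; then`. The same block leaves `keysize` and `hash` unset when `uname -m` is none of x86_64, i386 or i686, so `set -u` aborts at `$(( $keysize * 2 ))` after the disk has already been wiped and relabelled. An `else` branch calling `fatal "unsupported architecture: $arch"`, or doing that check before `fripost_wipe`, would make the failure explicit and non-destructive.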