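#!/bin/sh
# Simple partitioning shell script.
# Copyright © 2013,2014 Guilhem Moulin
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# On most installations it should be enough to change what is marked as
# 'FIXME'.
#
# Overview of what the script does, in order:
#   1. turns off every active swap area and unmounts whatever is mounted
#      from the devices listed in $device;
#   2. wipes each device, writes a GPT disklabel and creates an EFI or
#      bios_grub partition on it;
#   3. creates boot (encrypted setups only), swap and system partitions;
#   4. optionally assembles them into md arrays ($raidLevel);
#   5. optionally sets up LUKS on system and swap (debconf key
#      fripost/encrypt);
#   6. formats, creates the btrfs subvolumes, fills the fstab and mounts.
#
# Every device listed in $device is wiped and relabelled, so double-check
# the device selection below before running this.
#
# The fripost_*, wait_for_device, log and fatal helpers are not defined
# here; presumably they come from base.sh (sourced below) -- verify there.

set -ue

. /lib/fripost-partman/base.sh

# Configuration for a single disk
device=$(fripost_list_devices | head -n 1)
raidLevel=

# Configuration for a RAID array
#device='/dev/sda /dev/sdb'     # FIXME
#raidLevel=raid1                # raid level FIXME
#raidNumActiveDevices=2         # number of active devices in the array FIXME

# Disable every swap area backed by a path (first column of /proc/swaps
# starting with '/'), so the underlying devices can be repartitioned.
sed -nr '\#^/# s/\s.*//p' /proc/swaps | while read -r s; do
    swapoff "$s"
done

# part_efi is assigned inside the loop below (EFI systems, first device
# only) and read again when the fstab is written.  It must therefore be
# initialised *before* the loop: 'set -u' needs it defined on BIOS
# systems, and clearing it after the loop would drop the EFI partition
# from the fstab.
part_efi=

n=0
# $device is a space-separated list; word splitting is intentional.
for d in $device; do
    n=$(( n + 1 ))
    wait_for_device "$d"

    # Unmount existing mountpoints
    # NOTE(review): mountpoints containing whitespace are not handled by
    # this word-split loop.
    for mp in $(sed -nr "s#^$d\S*\s+(\S+).*#\1#p" /proc/mounts); do
        umount "$mp"
    done

    # Wipe the disk
    fripost_wipe "$d"

    # Create a disk label
    /sbin/parted -s "$d" mklabel gpt
    log "Created disklabel GPT for device $d"

    # Don't make an array of these partitions, but keep the alignment
    # regardless (at the expense of losing some megabytes)

    # Create an EFI partition if needed; otherwise, create a partition
    # needed to put GRUB on GPT disklabels.
    if [ -d /proc/efi ] || [ -d /sys/firmware/efi ]; then
        size=256M
        name=efi
        if [ "$n" -eq 1 ]; then
            anna-install dosfstools-udeb
            part_efi=$( fripost_mkpart "$d" "$name" "$size" +boot )
            fripost_mkfs vfat "$part_efi" -F 32
        else
            # Dummy partition, only there to keep the layout identical
            # on every member of the array.
            fripost_mkpart "$d" "$name" "$size"
        fi
    else
        size=8M
        name=bios_grub
        if [ "$n" -eq 1 ]; then
            fripost_mkpart "$d" "$name" "$size" +bios_grub
        else
            fripost_mkpart "$d" "$name" "$size"
        fi
    fi
done

db_get fripost/encrypt
encrypt=$RET

# Install GRUB on the first device in case of an array
db_set grub-installer/bootdev "${device%% *}"
db_fset grub-installer/bootdev seen true

part_boot=
part_swap=
part_system=

# Create boot and system partitions
for d in $device; do
    if [ "$encrypt" = true ]; then
        # Don't use a separate partition for /boot if the disk is unencrypted
        p=$( fripost_mkpart "$d" boot 256M )
        part_boot="${part_boot:+$part_boot }$p"
    fi

    p=$( fripost_mkpart "$d" swap 1G ) # FIXME
    part_swap="${part_swap:+$part_swap }$p"
    # ${p#"$d"} strips the device prefix, leaving the partition number.
    /sbin/parted -s "$d" align-check opt "${p#"$d"}" \
        || fatal "$p is not aligned"

    p=$( fripost_mkpart "$d" system 100% )
    part_system="${part_system:+$part_system }$p"
    /sbin/parted -s "$d" align-check opt "${p#"$d"}" \
        || fatal "$p is not aligned"

    log "Done with device $d"
done

# Create an array on top of that
if [ -n "${raidLevel:-}" ]; then
    [ -d /dev/md ] || mkdir /dev/md

    # In the calls below $devices and the ${raidNumActiveDevices:+...}
    # expansion are deliberately left unquoted: they must split into
    # separate arguments.
    if [ -n "${part_boot:-}" ]; then
        devices="$part_boot"
        part_boot=/dev/md/boot
        fripost_mdadm_create "$part_boot" -f -R -l "$raidLevel" \
            ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices
    fi

    # Swap is always striped (raid0), whatever $raidLevel says.
    devices="$part_swap"
    part_swap=/dev/md/swap
    fripost_mdadm_create "$part_swap" -f -R -l raid0 \
        ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices

    devices="$part_system"
    part_system=/dev/md/system
    fripost_mdadm_create "$part_system" -f -R -l "$raidLevel" \
        ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices

    # They were only meant to preserve alignment across physical
    # devices.
    log "Remove dummy partitions"
    # efi and bios_grub are only installed on the first disk, so drop
    # them from every *other* disk.  With a single device "${device#* }"
    # would not match and would return that very device, which would
    # delete its real efi/bios_grub partition; handle that explicitly.
    case "$device" in
        *' '*) other_devices=${device#* } ;;
        *)     other_devices= ;;
    esac
    for d in $other_devices; do
        # Only one of the two exists on a given system, hence '|| true'.
        fripost_rmpart "$d" efi       || true
        fripost_rmpart "$d" bios_grub || true
    done

    # Note that we're assembling the array *before* encryption rather
    # than the other way around.  dm_crypt being now multi-threaded, the
    # order shouldn't impact performance (and that order is
    # significantly simpler to configure).
fi

if [ "$encrypt" = true ]; then
    # Encrypt the system partition.  We choose the key length and digest
    # depending on the architecture we're on; we use AES128 and SHA-256
    # on 32-bits platforms, and AES256 and SHA-512 on 64-bits platforms.
    arch=$(uname -m)
    case "$arch" in
        x86_64)
            keysize=256
            hash=sha512
            ;;
        i386|i686)
            keysize=128
            hash=sha256
            ;;
        *)
            # Without this branch keysize/hash stay unset and 'set -u'
            # aborts below with an unhelpful "parameter not set" error.
            fatal "Unsupported architecture '$arch': no cipher parameters defined"
            ;;
    esac

    # Note: XTS requires the key size to be doubled.
    fripost_encrypt "$part_system" luksRoot \
        --cipher=aes-xts-plain64 --key-size=$(( keysize * 2 )) --hash="$hash" \
        --iter-time=5000 --use-random
    part_system=/dev/mapper/luksRoot

    # The swap volume is keyed from the root volume's key material
    # (decrypt_derived), so unlocking luksRoot is enough to unlock swap.
    # NOTE(review): no --key-size is passed for swap, so it gets
    # cryptsetup's default key size rather than the per-architecture
    # value used for luksRoot -- confirm this is intended.
    /lib/cryptsetup/scripts/decrypt_derived luksRoot \
        | cryptsetup luksFormat "$part_swap" --cipher=aes-xts-plain64 --hash="$hash" --key-file=-
    /lib/cryptsetup/scripts/decrypt_derived luksRoot \
        | cryptsetup luksOpen "$part_swap" luksSwap --key-file=-
    fripost_crypttab_addentry luksSwap "$part_swap" luksRoot luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
    part_swap=/dev/mapper/luksSwap
fi

# Format the partitions
# NOTE(review): $part_boot is empty on unencrypted setups and $part_efi
# is empty on BIOS systems; the fripost_mkfs / fripost_fstab calls below
# presumably skip an empty device -- verify in base.sh.
fripost_mkfs ext2  "$part_boot"   -F -E resize=512M -m1 -b 4096
fripost_mkfs btrfs "$part_system" -f
mkswap "$part_swap"

# Create BTRFS subvolumes
mkdir -p /target
apt-install btrfs-tools || true
mount -t btrfs -o compress=lzo "$part_system" /target
btrfs subvol create /target/@
btrfs subvol create /target/@home
umount /target

# Stuff the fstab and mount the devices in the target
fripost_fstab "$part_boot"   /boot     ext2  defaults
fripost_fstab "$part_efi"    /boot/efi vfat  defaults
fripost_fstab "$part_system" /         btrfs compress=lzo,subvol=@
fripost_fstab "$part_system" /home     btrfs compress=lzo,subvol=@home
fripost_fstab "$part_swap"   none      swap  sw
fripost_mount_partitions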