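#!/bin/sh
#
# Simple partitioning shell script.
#
# Copyright 2013 Guilhem Moulin
#
# Licensed under the GNU GPL version 3 or higher.
#
# Lays out /dev/sda as: optional UEFI partition, /boot, and one encrypted
# system partition holding an LVM2 volume group with root, swap and home.
# The fripost_* helpers, log and fatal are not defined in this file; they
# are presumably provided by the base.sh sourced below.
#
# WARNING: destructive. The target device is hard-coded, and its existing
# partition table is replaced without confirmation.

set -ue

. /lib/fripost-partman/base.sh

# Wipe the disk
device=/dev/sda
fripost_wipe "$device"

# Create a disk label (mklabel discards the existing partition table)
/sbin/parted -s "$device" mklabel gpt
log "Created disklabel GPT for device $device"

# Create a UEFI partition if needed. Two separate tests replace the
# obsolescent and ambiguous `[ ... -o ... ]` form.
if [ -d /proc/efi ] || [ -d /sys/firmware/efi ]; then
  part_uefi=$(fripost_mkpart "$device" uefi 256M +boot)
fi

# Create boot and system partitions
part_boot=$(fripost_mkpart "$device" boot 64M)
part_system=$(fripost_mkpart "$device" system 100%) #+lvm

# Stripping the device prefix leaves the partition number for align-check;
# the inner quotes make the prefix match literally rather than as a pattern.
/sbin/parted -s "$device" align-check opt "${part_system#"$device"}" \
  || fatal "$part_system is not aligned"

# Encrypt the system partition. We choose the key length and digest
# depending on the architecture we're on; we use AES128 and SHA-256 on
# 32-bit platforms, and AES256 and SHA-512 on 64-bit platforms.
arch=$(uname -m)
case "$arch" in
  x86_64)
    keysize=256
    hash=sha512
    ;;
  i386 | i686)
    keysize=128
    hash=sha256
    ;;
  *)
    # Fail explicitly instead of tripping `set -u` further down with an
    # opaque "parameter not set" error, and never fall back to implicit
    # cipher parameters on an architecture nobody has reviewed.
    fatal "Unsupported architecture '$arch': no cipher parameters defined"
    # Defensive: only reached if fatal returns instead of exiting.
    exit 1
    ;;
esac

# Note: XTS requires the key size to be doubled.
# NOTE(review): the options are presumably forwarded to cryptsetup
# luksFormat; if so, --use-random reads the volume key from /dev/random and
# may block on a freshly booted installer with little entropy. Confirm in
# base.sh.
fripost_encrypt "$part_system" system_crypt \
  --cipher aes-xts-plain64 --key-size "$((keysize * 2))" --hash "$hash" \
  --iter-time 5000 --use-random

# Create logical volumes for /, swap and /home using LVM2.
# The volume group is named after the host, so refuse an empty hostname
# rather than handing LVM an empty name.
vg=$(hostname)
[ -n "$vg" ] || {
  fatal "Empty hostname: cannot name the volume group"
  exit 1
}
pvcreate -ff -y /dev/mapper/system_crypt
vgcreate "$vg" /dev/mapper/system_crypt
lvcreate -L 5G -n root "$vg"
lvcreate -L 1G -n swap "$vg"
lvcreate -l 100%FREE -n home "$vg"
vgchange -ay "$vg"

# Format the partitions
mkfs.ext2 -q -E resize=512M -m1 -b 4096 "$part_boot"
mkfs.ext4 -q -b 4096 "/dev/$vg/root"
mkfs.ext4 -q -b 4096 "/dev/$vg/home"
mkswap "/dev/$vg/swap"

# Stuff the fstab and mount the devices in the target
fripost_fstab "$part_boot" /boot ext2 noatime
fripost_fstab "/dev/$vg/root" / ext4 noatime,errors=remount-ro
fripost_fstab "/dev/$vg/swap" none swap sw
fripost_fstab "/dev/$vg/home" /home ext4 noatime
fripost_mount_partitions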