#!/bin/sh

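# Abort on the first failing command (-e) and on any reference to an unset
# variable (-u). Every step below is destructive, so a failure must not let
# later steps run against a half-prepared disk.
set -ue

# Sourced helper library; the fripost_* functions, log and fatal used below
# are not defined in this file and are expected to come from here.
. /lib/fripost-partman/base.sh

# Target disk. It is hard-coded: whatever is attached as /dev/sda is handed
# to fripost_wipe and then relabelled by parted in script mode (-s), which
# never prompts for confirmation.
device=/dev/sda
fripost_wipe "$device"

/sbin/parted -s "$device" mklabel gpt
log "Created disklabel GPT for device $device"

# Create a 256M "uefi" partition only when the firmware exposes EFI.
# part_uefi is not referenced again in this script.
if [ -d /proc/efi ] || [ -d /sys/firmware/efi ]; then
    part_uefi=$( fripost_mkpart "$device" uefi 256M +boot )
fi

part_boot=$( fripost_mkpart "$device" boot 64M )
part_system=$( fripost_mkpart "$device" system 100% ) #+lvm
# Stripping the device prefix from the partition path leaves the partition
# number that align-check takes. This presumes fripost_mkpart prints a path
# of the form ${device}N, as is the case for /dev/sda -- TODO confirm.
/sbin/parted -s "$device" align-check opt "${part_system#"$device"}" \
    || fatal "$part_system is not aligned"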

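# Choose the key length and digest depending on the architecture
# we're on; we use AES128 and SHA-256 on 32-bits platforms, and
# AES256 and SHA-512 on 64-bits platforms.
arch=$(uname -m)
case "$arch" in
    x86_64)
        keysize=256
        hash=sha512
        ;;
    i386|i686)
        keysize=128
        hash=sha256
        ;;
    *)
        # Any other machine type (e.g. an ARM board) would leave keysize and
        # hash unset. Stop here with a clear message instead of relying on
        # the later unset-variable error; fatal is presumed to abort, as its
        # use after align-check suggests.
        fatal "Unsupported architecture '$arch': no cipher parameters defined"
        ;;
esac

# Note: XTS requires the key size to be doubled: the key is split into two
# halves, so --key-size 512 gives AES-256 and --key-size 256 gives AES-128.
# The options below are cryptsetup luksFormat options, presumably forwarded
# unchanged by fripost_encrypt; how the passphrase is obtained is not
# visible in this file.
#   --iter-time 5000  spend about 5 s of key derivation per unlock attempt,
#                     which slows down offline passphrase guessing
#   --use-random      draw the volume key from /dev/random
fripost_encrypt "$part_system" system_crypt \
    --cipher aes-xts-plain64 --key-size $(( keysize * 2 )) --hash "$hash" \
    --iter-time 5000 --use-random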


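# The volume group is named after the machine's hostname. An empty hostname
# would otherwise shift the vgcreate arguments and turn every /dev/$vg/...
# path below into a different path, so refuse to continue.
vg=$(hostname)
[ -n "$vg" ] || fatal "Cannot name the volume group: hostname is empty"

# -ff -y overrides pvcreate's safety checks and prompts. The target is the
# system_crypt mapping, presumably opened by fripost_encrypt just before.
pvcreate -ff -y /dev/mapper/system_crypt
vgcreate "$vg"  /dev/mapper/system_crypt

# root, swap and home all live inside the encrypted volume group, so swapped
# out memory is encrypted at rest as well.
lvcreate -L 5G       -n root "$vg"
lvcreate -L 1G       -n swap "$vg"
lvcreate -l 100%FREE -n home "$vg"
vgchange -ay "$vg"


# Format the partitions
# The boot partition is formatted directly, outside the encrypted mapping:
# whatever is stored on /boot is neither confidential nor protected against
# offline modification.
mkfs.ext2 -q -E resize=512M -m1 -b 4096 "$part_boot"
mkfs.ext4 -q                    -b 4096 "/dev/$vg/root"
mkfs.ext4 -q                    -b 4096 "/dev/$vg/home"
mkswap                                  "/dev/$vg/swap"


# Stuff the fstab and mount the devices in the target
fripost_fstab "$part_boot"    /boot ext2 noatime
fripost_fstab "/dev/$vg/root" /     ext4 noatime,errors=remount-ro
fripost_fstab "/dev/$vg/swap" none  swap sw
fripost_fstab "/dev/$vg/home" /home ext4 noatime
fripost_mount_partitions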