blob: 4f4d177f6b3709c1e6f67c4dd150f189cd9348f3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Template: fripost/seed_urandom_progress_title
Type: text
Description: Seeding /dev/urandom with ${BYTES} bytes from /dev/random
Template: fripost/seed_urandom_progress_info
Type: text
Description: This may take a while
Template: debian-installer/fripost-partman/title
Type: text
Description: Partition disks using a shell script
Template: fripost/partition-script
Type: text
Description: Which script should be used for partitioning?
The path should be absolute, and the script must be executable.
Template: fripost/wipe-device
Type: select
Default: zero
Choices: none, zero, urandom, random
Description: Which kind of data fill the disk with before encryption?
'none' means disks will NOT wiped, otherwise use
/dev/{zero,urandom,random} as the source data to fill disks with.
Beware that the later two may drain the entropy pool of the system!
Template: fripost/wipe-device_progress_title
Type: text
Description: Filling ${DISK} with ${SIZE} ${WHAT}
Template: fripost/wipe-device_progress_info
Type: text
Description: ${COMMAND}
Template: fripost/encrypt
Type: boolean
Default: true
Description: Should the system disk be fully encrypted? (Excluding /boot.)
Template: fripost/encryption-password
Type: password
Default:
Description: Password for full-disk encryption:
If left empty, a SSH daemon will be fired and the automatic install
will be interupted, waiting for the user to dump the password on the
standard input.
Template: fripost/ssh-keypair-generation_progress_title
Type: text
Description: Generating public/private ${TYPE} key pair
Template: fripost/encryption-slurpkey_title
Type: note
Description: Waiting for passphrase
Template: fripost/encryption-slurpkey_text
Type: text
Description: Press 'continue' once you have sent the key
You now need to send the encryption key for the LUKS/dm-crypt volume to
this special-purpose SSH server:
.
ssh -o UserKnownHostsFile=/dev/null -T root@${IPv4} < /path/to/key
.
To defeat MiTM-attacks, please ensure that the server fingerprint matches
.
${SSHFPR_SERVER}
.
Key(s) that are granted access have the following fingerprint:
.
${SSHFPR_AUTHORIZED}
.
Note: This server is ephemeral, and will be replaced with a full-blown
daemon toward the end of the installation. Using /dev/null as the
Known Hosts File is meant to tell the SSH client not to remember its
public key.
Template: fripost/cryptsetup-genkey_progress_title
Type: text
Description: Generating volume key
Template: fripost/cryptsetup-genkey_progress_info
Type: text
Description: This will take a while if it drains the entropy pool
Template: fripost/mkfs_progress_title
Type: text
Description: Formatting ${DEVICE} as ${TYPE}
Template: fripost/mkfs_progress_info
Type: text
Description: ${STAGE}
|