install stage 1, opt/grub-config.sh: initial implementation of encryption support

I'll be very surprised if this contains no bugs.
master
BodgeMaster 2026-04-05 21:27:59 +02:00
parent 5fb752518e
commit e89138b2b7
2 changed files with 191 additions and 80 deletions


@ -131,72 +131,166 @@ if grep "$TARGET_DISK" /proc/mounts >> $LOGFILE 2>&1; then
fi fi
fi fi
echo -n "Wiping and partitioning storage... " echo "
# new GPT Do you want to encrypt your files?
# 2M BIOS GRUB
# 66592 sectors ESP (first sector + 66591 sectors, the minimum to format FAT32 with default settings) With the exception of the files essential for booting, the system will be encrypted.
# everything else one big partition This will use an additional 1Gib of storage space.
echo "g
n If you enable encryption, you will be prompted for a passphrase. This passphrase will be
asked separately during bootup and may be different from the user login.
"
if yesno; then
ADD_CRYPTSETUP="cryptsetup"
echo -n "Wiping and partitioning storage... "
# new GPT
# 2M BIOS GRUB
# 66592 sectors ESP (first sector + 66591 sectors, the minimum to format FAT32 with default settings)
# everything else one big partition
echo "g
n
+2M +2M
n n
+66591 +66591
n n
+1G
n
t t
1 1
4 4
t t
2 2
1 1
t t
3 3
20 142
w" | fdisk --wipe always --wipe-partitions always "/dev/$TARGET_DISK" >> $LOGFILE 2>&1 t
TARGET_PART_BIOS="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '2p')" 4
TARGET_PART_EFI="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '3p')" 20
TARGET_PART_BIG="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '4p')" w" | fdisk --wipe always --wipe-partitions always "/dev/$TARGET_DISK" >> $LOGFILE 2>&1
echo "done" TARGET_PART_BIOS="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '2p')"
TARGET_PART_EFI="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '3p')"
TARGET_PART_BOOT="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '4p')"
TARGET_PART_BIG="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '5p')"
echo "done"
echo -n "Formatting partitions... " echo -n "Formatting partitions... "
mkfs.vfat -F32 -n "EFIBOOT" "$TARGET_PART_EFI" >> $LOGFILE 2>&1 mkfs.vfat -F32 -n "EFIBOOT" "$TARGET_PART_EFI" >> $LOGFILE 2>&1
mkfs.f2fs -f -l "container" "$TARGET_PART_BIG" >> $LOGFILE 2>&1 mkfs.f2fs -f -l "container" "$TARGET_PART_BOOT" >> $LOGFILE 2>&1
echo "done" echo "Setting up encryption. You will be asked for the same password twice."
cryptsetup luksFormat --batch-mode --type luks2 --force-password "$TARGET_PART_BIG"
cryptsetup luksOpen --batch-mode --type luks2 "$TARGET_PART_BIG" voidusb-container
if [ "$?" -gt 0 ]; then
echo "Failed to open encrypted container. The entered passwords probably didn't match."
exit 1
fi
echo "done"
echo -n "Mounting partitions and virtual file systems... " echo -n "Mounting partitions and virtual file systems... "
mkdir -p /mnt/target >> $LOGFILE 2>&1 mkdir -p /mnt/target >> $LOGFILE 2>&1
mount -t tmpfs -o size=3g,mode=755 tmpfs /mnt/target >> $LOGFILE 2>&1 mount -t tmpfs -o size=3g,mode=755 tmpfs /mnt/target >> $LOGFILE 2>&1
# used for chroot later # used for chroot later
mkdir /mnt/target/run >> $LOGFILE 2>&1 mkdir /mnt/target/run >> $LOGFILE 2>&1
mount -t tmpfs none /mnt/target/run >> $LOGFILE 2>&1 mount -t tmpfs none /mnt/target/run >> $LOGFILE 2>&1
mkdir /mnt/target/proc >> $LOGFILE 2>&1 mkdir /mnt/target/proc >> $LOGFILE 2>&1
mount -t proc proc /mnt/target/proc >> $LOGFILE 2>&1 mount -t proc proc /mnt/target/proc >> $LOGFILE 2>&1
mkdir /mnt/target/sys >> $LOGFILE 2>&1 mkdir /mnt/target/sys >> $LOGFILE 2>&1
mount --rbind /sys /mnt/target/sys >> $LOGFILE 2>&1 mount --rbind /sys /mnt/target/sys >> $LOGFILE 2>&1
mount --make-rslave /mnt/target/sys >> $LOGFILE 2>&1 mount --make-rslave /mnt/target/sys >> $LOGFILE 2>&1
mkdir /mnt/target/dev >> $LOGFILE 2>&1 mkdir /mnt/target/dev >> $LOGFILE 2>&1
mount --rbind /dev /mnt/target/dev >> $LOGFILE 2>&1 mount --rbind /dev /mnt/target/dev >> $LOGFILE 2>&1
mount --make-rslave /mnt/target/dev >> $LOGFILE 2>&1 mount --make-rslave /mnt/target/dev >> $LOGFILE 2>&1
# actual storage # actual storage
mkdir -p /mnt/target/run/void-usb/container >> $LOGFILE 2>&1 mkdir -p /mnt/target/run/void-usb/container >> $LOGFILE 2>&1
mount "$TARGET_PART_BIG" /mnt/target/run/void-usb/container >> $LOGFILE 2>&1 mount /dev/mapper/voidusb-container /mnt/target/run/void-usb/container >> $LOGFILE 2>&1
mkdir /mnt/target/boot >> $LOGFILE 2>&1 mkdir /mnt/target/boot >> $LOGFILE 2>&1
mkdir /mnt/target/run/void-usb/container/boot >> $LOGFILE 2>&1 mount "$TARGET_PART_BOOT" /mnt/target/boot
mount --bind /mnt/target/run/void-usb/container/boot /mnt/target/boot >> $LOGFILE 2>&1 mkdir /mnt/target/boot/efi >> $LOGFILE 2>&1
mkdir /mnt/target/boot/efi >> $LOGFILE 2>&1 mount "$TARGET_PART_EFI" /mnt/target/boot/efi >> $LOGFILE 2>&1
mount "$TARGET_PART_EFI" /mnt/target/boot/efi >> $LOGFILE 2>&1 mkdir /mnt/target/home >> $LOGFILE 2>&1
mkdir /mnt/target/home >> $LOGFILE 2>&1 mkdir /mnt/target/run/void-usb/container/home >> $LOGFILE 2>&1
mkdir /mnt/target/run/void-usb/container/home >> $LOGFILE 2>&1 mount --bind /mnt/target/run/void-usb/container/home /mnt/target/home >> $LOGFILE 2>&1
mount --bind /mnt/target/run/void-usb/container/home /mnt/target/home >> $LOGFILE 2>&1 echo "done"
echo "done" else
echo -n "Wiping and partitioning storage... "
# new GPT
# 2M BIOS GRUB
# 66592 sectors ESP (first sector + 66591 sectors, the minimum to format FAT32 with default settings)
# everything else one big partition
echo "g
n
+2M
n
+66591
n
t
1
4
t
2
1
t
3
20
w" | fdisk --wipe always --wipe-partitions always "/dev/$TARGET_DISK" >> $LOGFILE 2>&1
TARGET_PART_BIOS="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '2p')"
TARGET_PART_EFI="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '3p')"
TARGET_PART_BIG="$(lsblk --raw --noheadings --output PATH "/dev/$TARGET_DISK" | sed -n '4p')"
echo "done"
echo -n "Formatting partitions... "
mkfs.vfat -F32 -n "EFIBOOT" "$TARGET_PART_EFI" >> $LOGFILE 2>&1
mkfs.f2fs -f -l "container" "$TARGET_PART_BIG" >> $LOGFILE 2>&1
echo "done"
echo -n "Mounting partitions and virtual file systems... "
mkdir -p /mnt/target >> $LOGFILE 2>&1
mount -t tmpfs -o size=3g,mode=755 tmpfs /mnt/target >> $LOGFILE 2>&1
# used for chroot later
mkdir /mnt/target/run >> $LOGFILE 2>&1
mount -t tmpfs none /mnt/target/run >> $LOGFILE 2>&1
mkdir /mnt/target/proc >> $LOGFILE 2>&1
mount -t proc proc /mnt/target/proc >> $LOGFILE 2>&1
mkdir /mnt/target/sys >> $LOGFILE 2>&1
mount --rbind /sys /mnt/target/sys >> $LOGFILE 2>&1
mount --make-rslave /mnt/target/sys >> $LOGFILE 2>&1
mkdir /mnt/target/dev >> $LOGFILE 2>&1
mount --rbind /dev /mnt/target/dev >> $LOGFILE 2>&1
mount --make-rslave /mnt/target/dev >> $LOGFILE 2>&1
# actual storage
mkdir -p /mnt/target/run/void-usb/container >> $LOGFILE 2>&1
mount "$TARGET_PART_BIG" /mnt/target/run/void-usb/container >> $LOGFILE 2>&1
mkdir /mnt/target/boot >> $LOGFILE 2>&1
mkdir /mnt/target/run/void-usb/container/boot >> $LOGFILE 2>&1
mount --bind /mnt/target/run/void-usb/container/boot /mnt/target/boot >> $LOGFILE 2>&1
mkdir /mnt/target/boot/efi >> $LOGFILE 2>&1
mount "$TARGET_PART_EFI" /mnt/target/boot/efi >> $LOGFILE 2>&1
mkdir /mnt/target/home >> $LOGFILE 2>&1
mkdir /mnt/target/run/void-usb/container/home >> $LOGFILE 2>&1
mount --bind /mnt/target/run/void-usb/container/home /mnt/target/home >> $LOGFILE 2>&1
echo "done"
fi
clear clear
echo "Storage is now prepared and ready for installation. echo "Storage is now prepared and ready for installation.
@ -252,7 +346,7 @@ XBPS_ARCH="$TARGET_TYPE" xbps-install --yes --sync --rootdir /mnt/target --repos
wifi-firmware traceroute grep gzip file sed gawk less coreutils findutils \ wifi-firmware traceroute grep gzip file sed gawk less coreutils findutils \
diffutils pciutils usbutils tzdata base-files ncurses mdocml procps-ng \ diffutils pciutils usbutils tzdata base-files ncurses mdocml procps-ng \
kbd xbps sudo ethtool kmod eudev runit-void removed-packages nano acpid \ kbd xbps sudo ethtool kmod eudev runit-void removed-packages nano acpid \
squashfs-tools grub grub-i386-efi grub-x86_64-efi dracut xz 2>&1 | tee --append $LOGFILE squashfs-tools grub grub-i386-efi grub-x86_64-efi dracut xz $ADD_CRYPTSETUP 2>&1 | tee --append $LOGFILE
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "" echo ""
echo "An error occurred while trying to install the base system." echo "An error occurred while trying to install the base system."
@ -300,15 +394,27 @@ echo "
echo "done" echo "done"
echo "Adding fstab." echo "Adding fstab."
echo "# See fstab(5). if [ -n "$TARGET_PART_BOOT" ]; then
# <device> <mount point> <fstype> <options> <dump> <pass> echo "# See fstab(5).
# <device> <mount point> <fstype> <options> <dump> <pass>
# /run/void-usb/container, /run/void-usb/overlay, and / are mounted by scripts in initramfs # /run/void-usb/container, /run/void-usb/overlay, and / are mounted by scripts in initramfs
/run/void-usb/container/boot /boot none bind 0 0 UUID=$(blkid --output value --match-tag UUID $TARGET_PART_EFI) /boot f2fs nodev,nosuid,noexec 0 2
/run/void-usb/container/home /home none bind 0 0 /run/void-usb/container/home /home none bind 0 0
UUID=$(blkid --output value --match-tag UUID $TARGET_PART_EFI) /boot/efi vfat defaults,fmask=0077,dmask=0077 0 2 UUID=$(blkid --output value --match-tag UUID $TARGET_PART_EFI) /boot/efi vfat nodev,nosuid,noexec,umask=133,dmask=022 0 2
" > /mnt/target/etc/fstab " > /mnt/target/etc/fstab
else
echo "# See fstab(5).
# <device> <mount point> <fstype> <options> <dump> <pass>
# /run/void-usb/container, /run/void-usb/overlay, and / are mounted by scripts in initramfs
/run/void-usb/container/boot /boot none bind 0 0
/run/void-usb/container/home /home none bind 0 0
UUID=$(blkid --output value --match-tag UUID $TARGET_PART_EFI) /boot/efi vfat nodev,nosuid,noexec,umask=133,dmask=022 0 2
" > /mnt/target/etc/fstab
fi
echo "Configuring keyboard layout." echo "Configuring keyboard layout."
if grep "#KEYMAP=" /mnt/target/etc/rc.conf; then if grep "#KEYMAP=" /mnt/target/etc/rc.conf; then
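Review bot: The encrypted-branch fstab in the third hunk looks up the UUID of `$TARGET_PART_EFI` for the f2fs /boot line as well as for the vfat /boot/efi line, so /boot would point at the ESP with fstype f2fs and fail to mount at boot; that line should read `UUID=$(blkid --output value --match-tag UUID $TARGET_PART_BOOT) /boot f2fs nodev,nosuid,noexec 0 2`. In the first hunk, `cryptsetup luksFormat --batch-mode --type luks2 --force-password "$TARGET_PART_BIG"` runs unchecked and, as far as I recall, `--batch-mode` also disables the passphrase re-entry that the message on the preceding line promises, so a mistyped passphrase is only noticed when luksOpen fails; adding `--verify-passphrase` and an exit-status check on luksFormat would match both the message and the check already done for luksOpen. `TARGET_PART_BOOT` is assigned only in the encryption branch, which is what the `-n` test in the fstab hunk relies on — a comment such as `# TARGET_PART_BOOT is only set when encryption was chosen` would help the next reader.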


@ -4,22 +4,27 @@ OS_NAME="Void Linux USB"
GRUB_PREFIX="/boot/efi/LOADER/grub" GRUB_PREFIX="/boot/efi/LOADER/grub"
CFG_CUSTOM_BEFORE="custom_before.cfg" CFG_CUSTOM_BEFORE="custom_before.cfg"
CFG_CUSTOM_AFTER="custom_after.cfg" CFG_CUSTOM_AFTER="custom_after.cfg"
CONTAINER_UUID="$(blkid --output value --match-tag UUID "$(grep " /run/void-usb/container " /proc/mounts | sed -e 's/ .*//')")"
# TODO: rd.vconsole.keymap
LINUX_CMDLINE="quiet root=/dev/loop0 ro void-usb-container=UUID=$CONTAINER_UUID rd.vconsole.keymap=de-latin1"
DEFAULT_LINUX=/boot/vmlinu? if [ "$(findmnt --noheadings --nofsroot --output SOURCE /boot)" = "$(findmnt --noheadings --nofsroot --output SOURCE /run/void-usb/container)" ]; then
if [ ! -f "$DEFAULT_LINUX" ]; then GRUB_BOOT_PATH="/boot"
# in cases where its a .gz or .xz or whatever else
DEFAULT_LINUX=$(find /boot -type l -name "vmlinu*" 2>/dev/null | sort | head -n1) # assuming separate /boot partition
GRUB_BOOT_PATH=""
fi fi
VOIDUSB_CONTAINER="$(findmnt --noheadings --output SOURCE /run/void-usb/container)"
if grep "/dev/mapper" <<< "$VOIDUSB_CONTAINER" > /dev/null; then
LUKS_SETTINGS="rd.luks.uuid=$(blkid --output value --match-tag UUID "$(ls /sys/block/"$(basename "$(realpath "$VOIDUSB_CONTAINER")")"/slaves | head -n1)")"
else
VOIDUSB_CONTAINER="UUID=$(blkid --output value --match-tag UUID "$VOIDUSB_CONTAINER")"
fi
# TODO: rd.vconsole.keymap
LINUX_CMDLINE="quiet root=/dev/loop0 ro $LUKS_SETTINGS void-usb-container=$VOIDUSB_CONTAINER rd.vconsole.keymap=de-latin1"
DEFAULT_LINUX=$(find /boot -type l -name "vmlinu*" 2>/dev/null | sort | head -n1)
DEFAULT_LINUX="$(sed 's|^/boot/||' <<< "$DEFAULT_LINUX")" DEFAULT_LINUX="$(sed 's|^/boot/||' <<< "$DEFAULT_LINUX")"
DEFAULT_INITRAMFS=/boot/initramfs.img # hope to find anything named initramfs or initrd
if [ ! -f "$DEFAULT_INITRAMFS" ]; then DEFAULT_INITRAMFS=$(find /boot -type l -name "init*" 2>/dev/null | sort | head -n1)
# hope to find anything named initramfs or initrd
DEFAULT_INITRAMFS=$(find /boot -type l -name "init*" 2>/dev/null | sort | head -n1)
fi
DEFAULT_INITRAMFS="$(sed 's|^/boot/||' <<< "$DEFAULT_INITRAMFS")" DEFAULT_INITRAMFS="$(sed 's|^/boot/||' <<< "$DEFAULT_INITRAMFS")"
function make_menuentry { function make_menuentry {
@ -50,9 +55,9 @@ function make_menuentry {
echo " echo "
menuentry 'Linux $LINUX_VERSION' { menuentry 'Linux $LINUX_VERSION' {
echo 'Loading $LINUX...' echo 'Loading $LINUX...'
linux /boot/$LINUX $LINUX_CMDLINE linux $GRUB_BOOT_PATH/$LINUX $LINUX_CMDLINE
echo 'Loading initial ramdisk...' echo 'Loading initial ramdisk...'
initrd /boot/$INITRAMFS initrd $GRUB_BOOT_PATH/$INITRAMFS
}" >> "$GRUB_PREFIX/grub.cfg" }" >> "$GRUB_PREFIX/grub.cfg"
} }
@ -66,7 +71,7 @@ echo "# This file is auto-generated by $0.
# $GRUB_PREFIX/$CFG_CUSTOM_BEFORE or # $GRUB_PREFIX/$CFG_CUSTOM_BEFORE or
# $GRUB_PREFIX/$CFG_CUSTOM_AFTER # $GRUB_PREFIX/$CFG_CUSTOM_AFTER
search --fs-uuid --set=root $CONTAINER_UUID search --fs-uuid --set=root $(blkid --output value --match-tag UUID "$(findmnt --noheadings --nofsroot --output SOURCE /boot)")
set menu_color_normal=white/black set menu_color_normal=white/black
set menu_color_highlight=black/light-gray set menu_color_highlight=black/light-gray
@ -81,9 +86,9 @@ fi
menuentry '$OS_NAME' { menuentry '$OS_NAME' {
echo 'Loading Linux...' echo 'Loading Linux...'
linux /boot/$DEFAULT_LINUX $LINUX_CMDLINE linux $GRUB_BOOT_PATH/$DEFAULT_LINUX $LINUX_CMDLINE
echo 'Loading initial ramdisk...' echo 'Loading initial ramdisk...'
initrd /boot/$DEFAULT_INITRAMFS initrd $GRUB_BOOT_PATH/$DEFAULT_INITRAMFS
} }
submenu 'Choose kernel version...' {" > "$GRUB_PREFIX/grub.cfg" submenu 'Choose kernel version...' {" > "$GRUB_PREFIX/grub.cfg"
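Review bot: The LUKS UUID lookup in the first hunk passes a bare name to blkid: entries under `/sys/block/<dm>/slaves` are kernel device names such as `sda4`, not paths, so `blkid ... "$(ls .../slaves | head -n1)"` will most likely return nothing and LINUX_CMDLINE ends up with an empty `rd.luks.uuid=`; prefixing the device directory fixes it, e.g. `blkid --output value --match-tag UUID "/dev/$(ls /sys/block/"$(basename "$(realpath "$VOIDUSB_CONTAINER")")"/slaves | head -n1)"`. None of the findmnt/blkid results feeding LINUX_CMDLINE and the `search --fs-uuid --set=root` line are checked for emptiness, so a failed lookup silently writes an unbootable grub.cfg; a guard such as `: "${VOIDUSB_CONTAINER:?cannot determine container device}"` after each lookup turns that into a visible error. `LUKS_SETTINGS` is never initialised in the non-encrypted branch, so LINUX_CMDLINE relies on it being unset rather than empty; `LUKS_SETTINGS=""` before the `if` makes the intent explicit. Taking the first `ls` entry also assumes the mapping has a single backing device, which is worth stating in a comment.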