#
# This Makefile will result in a working install of
# Linux Mint Debian Edition (version 201303) i686 OR amd64
# on a luks encrypted lvm2 partition with root, swap and data filesystem
#
# This Makefile is based on:
# http://forum.linuxmint.com/viewtopic.php?p=475552#p475552
# https://github.com/linuxmint/live-installer/blob/master/usr/lib/live-installer/installer.py
# Questions? PePas
#
# For instructions on USAGE, run as root in the directory containing this Makefile:
#
# make help
#
### More handholding instructions:
##
## 1. Boot the Live environment of LMDE 201303
##
## 2. Open a Terminal (Menu, Terminal) and enter:
## sudo -i
## mkdir make
## cd make
## wget j.mp/makelmde
## mv makelmde Makefile
## nano Makefile
##
### 3. Adapt the SETTINGS section in the Makefile, for instance like this:
## boot_device=/dev/sda1
## crypt_device=/dev/sda2
## grub_device=/dev/sda
## username=me
## hostname=mine
##
### 4. Partition the drive, for instance (taking up all space):
##
## fdisk /dev/sda
## o [Enter]
## n [Enter]
## [Enter]
## [Enter]
## [Enter]
## +128M [Enter]
## n [Enter]
## [Enter]
## [Enter]
## [Enter]
## [Enter]
## w [Enter]
##
### (This is making a 128 MB boot partition, and giving the rest to the encrypted lvm2)
##
### 5. Start the Makefile by doing:
##
## make all
##
### 6. Answer the questions as they come up:
## - password for encryption (twice the same)
## - password for decryption (same again)
## - password for user, and some irrelevant info
## - about the keyboard
## - about the timezone
##
## And that's it!
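##
##
### If for some reason or error it needs to run again, do any of:
##
## make finalize # don't do anything you've already successfully done
##
## make all # do critical steps again, just to make sure
##
## make allover # do everything again
##
## (In some cases you then want "force_reencrypt=YES" in SETTINGS)
##

# -----------------------------------------------------------------------------

### SETTINGS

## Indicate that you want the crypt-partition wiped even if already setup by putting YES:
force_reencrypt=NO

## Indicate that you want a non-pae 486 kernel by putting YES:
## (YES only suppresses the installation of linux-image-686-pae below;
##  no other kernel package is selected by this Makefile)
force_486=NO

## Specify the partitions you created by any valid device path, like:
## /dev/disk/by-label/... /dev/... /dev/disk/by-id/...
boot_device=/dev/sda1
crypt_device=/dev/sda2

## Specify the device where to install grub by any valid device path:
grub_device=/dev/sda

## Specify your preferred username and hostname:
username=pp
hostname=lmde64

## Specify the filesystem labels:
crypt_label=crypt
boot_label=boot
root_label=root
swap_label=swap
data_label=home

## Specify the LUKS cipher specification and key size (in bits).
## These are only used when the partition is (re)formatted by "make encrypt".
## The cipher is spelled out in full (cipher-mode-ivgenerator): a bare "aes"
## leaves the chaining mode and IV generator to cryptsetup's fallback, which is
## cbc-plain in the cryptsetup versions I know of -- a mode with predictable
## IVs. With an XTS mode the key is split in two halves, so 512 selects AES-256.
## Check the result afterwards with: cryptsetup luksDump ${crypt_device}
luks_cipher=aes-xts-plain64
luks_key_size=512

## Specify lvm2 partition sizes in gibibytes (GiB):
## - if NO then no attempt will be made to create that partition
## - if REST (only for one of them!) then the rest of the available space will be used
## - if DEFAULT then root=20G swap=MEMSIZE+100M data=REST
## - the minimum size for root is 6G
## - if there is less than 1G left for data, it will not be made
## NOTE(review): the last two limits are not checked anywhere in this Makefile;
## lvcreate failures are ignored and only surface later, in "make format".
root_size=12
swap_size=DEFAULT
data_size=REST

## Indicate which ones (apart from root) needs formatting by putting YES:
format_boot=YES
format_swap=YES
format_data=YES

## Specify extra packages to be installed:
extra_packages=

# -----------------------------------------------------------------------------

# Directory inside the installed system that receives a copy of this Makefile
# and of the stamp files (see _prep_chroot and _finalize).
tmpdir=/etc/mint_install

# All $(shell ...) values below are deliberately recursive ("=", not ":="):
# the mapped devices do not exist yet when make parses this file, so blkid may
# only run when a recipe that uses the value is expanded. The same holds for
# the /proc/meminfo lookup further down, which must not run at parse time
# inside the chroot, where /proc is not mounted yet.
crypt_uuid=$(shell blkid -s UUID -o value ${crypt_device})
root_device=/dev/mapper/${crypt_label}-${root_label}
data_device=/dev/mapper/${crypt_label}-${data_label}
swap_device=/dev/mapper/${crypt_label}-${swap_label}
boot_uuid=$(shell blkid -s UUID -o value ${boot_device})
root_uuid=$(shell blkid -s UUID -o value ${root_device})
data_uuid=$(shell blkid -s UUID -o value ${data_device})
swap_uuid=$(shell blkid -s UUID -o value ${swap_device})

# lvcreate size arguments per logical volume. -Zn skips zeroing the start of
# the new volume. A size of NO leaves the variable undefined; the matching
# lvcreate call is skipped in _lvm2_partitions.
ifeq "${root_size}" "DEFAULT"
lvmroot=-L 20G -Zn
else ifeq "${root_size}" "REST"
lvmroot=-l 100%FREE -Zn
else ifneq "${root_size}" "NO"
lvmroot=-L ${root_size}G -Zn
endif

ifeq "${data_size}" "DEFAULT"
lvmdata=-l 100%FREE -Zn
else ifeq "${data_size}" "REST"
lvmdata=-l +100%FREE -Zn
else ifneq "${data_size}" "NO"
lvmdata=-L ${data_size}G -Zn
endif

# DEFAULT swap = first value of /proc/meminfo (kB) plus 100000 kB, allocated
# contiguously (-C y).
ifeq "${swap_size}" "DEFAULT"
mem=$(shell head -1 /proc/meminfo |sed 's/[^0-9]//g')
swapsize=$(shell expr ${mem} + 100000)
lvmswap=-L ${swapsize}K -C y -Zn
else ifeq "${swap_size}" "REST"
lvmswap=-l 100%FREE -Zn
else ifneq "${swap_size}" "NO"
# Fixed: a numeric swap_size used to be ignored in favour of root_size.
lvmswap=-L ${swap_size}G -Zn
endif

# Extra kernel package for the installed system: the pae kernel on anything
# that is not x86_64, unless force_486=YES; empty otherwise.
kernel=
ifneq "${force_486}" "YES"
ifneq "$(shell uname -m)" "x86_64"
kernel=linux-image-686-pae
else
kernel=
endif
endif

# First target in the file, so a bare "make" prints the usage text.
help:
	echo
	echo ' This Makefile will result in a working install of'
	echo ' Linux Mint Debian Edition (version 201303)'
	echo ' on a luks encrypted lvm2 partition with root, swap and data filesystem'
	echo
	echo ' Preparations:'
	echo ' 1) Boot the LMDE live iso (from cd/dvd or usb)'
	echo ' 2) Manually partition your disk using "gparted" or other ways (see comments in this file)'
	echo ' You will need to create two partitions, a boot partition (128MB or more)'
	echo ' and large encrypted partition (for root, data and swap)'
	echo ' 3) Copy this Makefile onto your (live iso) system in a directory of its own'
	echo ' 4) Edit the SETTINGS section in the Makefile according to requirements'
	echo ' 5) Perform the installation by running as root user IN the Makefile directory (so: "cd" to it):'
	echo
	echo ' ## This erases the designated partition! Make sure this is what you want'
	echo ' make encrypt ## will request the password to use for encryption'
	echo
	echo ' make decrypt ## will ask for the password for decryption'
	echo
	echo ' ## This will only work if there is enough space'
	echo ' make lvm2_partitions'
	echo
	echo ' ## This formats the partitions! Make sure this is what you want'
	echo ' make format'
	echo
	echo ' make mount ## prepares the filesystems'
	echo
	echo ' make copy ## copies the compressed filesystem from the iso'
	echo
	echo ' make prep_chroot ## prepare for chroot'
	echo
	echo ' make finalize ## will ask for various settings'
	echo
	echo ' Alternatively, you can just run:'
	echo
	echo ' ## This is very destructive, make sure this is what you want!'
	echo ' make finalize ## do all of the above'
	echo
	echo ' 6) Reboot into your working install'
	echo

.SILENT: help unmountall

.PHONY: help all cleanall allover cleanallover unmountall encrypt decrypt lvm2_partitions format mount copy prep_chroot finalize inside

# The steps are interactive and destructive, and "all"/"allover" rely on their
# prerequisites running left to right (clean first); never run them under -j.
.NOTPARALLEL:

# Each step is a phony front-end for a "_step" stamp file in the current
# directory; a stamp marks the step as done so that a re-run skips it.

# Redo the critical steps: drop their stamps, then walk the whole chain.
all: cleanall encrypt decrypt lvm2_partitions format mount copy prep_chroot finalize

cleanall:
	rm -fv _encrypt _swapon _mount _copy _prep_chroot _finalize

# Redo everything: unmount/close whatever is still open and drop all stamps.
allover: cleanallover unmountall encrypt decrypt lvm2_partitions format mount copy prep_chroot finalize

cleanallover:
	rm -fv _encrypt _decrypt _apt_update _lvm2 _lvm2_partitions _format _swapon _mount _copy _prep_chroot _finalize

# Best-effort teardown; every line may fail when that piece is not active.
unmountall:
	-umount /target/dev
	-umount /target/boot
	-umount /target/${data_label}
	-umount /target
	-swapoff ${swap_device}
	-vgchange -an
	-cryptsetup luksClose ${crypt_label}

# LUKS-format ${crypt_device}. With force_reencrypt=YES always; otherwise only
# when the device does not carry a LUKS header yet. A fresh format invalidates
# the _decrypt stamp.
_encrypt:
	@echo
ifeq "${force_reencrypt}" "YES"
	cryptsetup luksFormat -c ${luks_cipher} -s ${luks_key_size} ${crypt_device}
	rm -fv _decrypt
else
# "&&" (not ";") after luksFormat: a failed or aborted format must fail this
# recipe instead of being masked by the exit status of rm, which would leave
# an _encrypt stamp behind for a partition that was never formatted.
	if cryptsetup isLuks ${crypt_device}; then echo; echo "${crypt_device} is already formatted"; \
	else cryptsetup luksFormat -c ${luks_cipher} -s ${luks_key_size} ${crypt_device} && rm -fv _decrypt; fi
endif
	touch $@

encrypt: _encrypt

# Open the LUKS container as /dev/mapper/${crypt_label}.
_decrypt: _encrypt
	@echo
	cryptsetup luksOpen ${crypt_device} ${crypt_label}
	@echo
	dmsetup status
	touch $@

decrypt: _decrypt

_apt_update:
	apt-get update
	touch $@

# Install the lvm2 tools into the live environment.
_lvm2: _apt_update
	apt-get install lvm2
	@echo
	pvscan
	@echo
	touch $@

# Create the volume group on the opened container and the requested logical
# volumes inside it.
_lvm2_partitions: _decrypt _lvm2
	vgchange -ay
	@echo
	lvscan
## for any label that exists, nothing will happen
# (errors from vgcreate/lvcreate are ignored on purpose for that reason)
	-vgcreate ${crypt_label} /dev/mapper/${crypt_label}
ifneq "${swap_size}" "NO"
	-lvcreate ${lvmswap} -n ${swap_label} ${crypt_label}
endif
ifneq "${root_size}" "NO"
	-lvcreate ${lvmroot} -n ${root_label} ${crypt_label}
endif
ifneq "${data_size}" "NO"
	-lvcreate ${lvmdata} -n ${data_label} ${crypt_label}
endif
	touch $@

lvm2_partitions: _lvm2_partitions

# Create the filesystems. Root is always formatted; boot, data and swap only
# when their format_* setting is YES.
_format: _lvm2_partitions
	mkfs -t ext4 -j -L ${root_label} ${root_device}
ifeq "${format_boot}" "YES"
	mkfs -t ext2 -L ${boot_label} ${boot_device}
endif
ifeq "${format_data}" "YES"
	mkfs -t ext4 -j -m 0 -L ${data_label} ${data_device}
endif
ifeq "${format_swap}" "YES"
	mkswap -f -L ${swap_label} ${swap_device}
endif
	touch $@

format: _format

_swapon: _format
	@echo
	swapon ${swap_device}
	@echo
	swapon -s
	touch $@

# Mount root, boot and data under /target.
_mount: _swapon
	mkdir -p /target
	mount ${root_device} /target
	mkdir -p /target/boot
	mount ${boot_device} /target/boot
	mkdir -p /target/${data_label}
	mount ${data_device} /target/${data_label}
	@echo
	df -hlTt ext2 -t ext4
	touch $@

mount: _mount

# Copy the live image's root filesystem onto the target.
_copy: _mount
	@echo
	cp -a /live/rofs/filesystem.squashfs/* /target
	touch $@

copy: _copy

# Write fstab, crypttab, hosts, mdm.conf, hostname and resolv.conf into the
# target and make this Makefile available inside it for the chroot step.
_prep_chroot: _copy
# An empty UUID for the container, /boot or / would yield an fstab/crypttab
# that cannot boot; stop before overwriting anything.
	@test -n '${crypt_uuid}' && test -n '${boot_uuid}' && test -n '${root_uuid}' || \
	{ echo 'blkid returned no UUID for ${crypt_device}, ${boot_device} or ${root_device}; aborting'; false; }
	@echo
	@echo 'proc /proc proc defaults 0 0' >/target/etc/fstab
	@echo 'UUID=${swap_uuid} ${swap_label} swap sw 0 0' >>/target/etc/fstab
	@echo 'UUID=${root_uuid} / ext4 relatime,errors=remount-ro 0 1' >>/target/etc/fstab
	@echo 'UUID=${data_uuid} /${data_label} ext4 relatime 0 2' >>/target/etc/fstab
	@echo 'UUID=${boot_uuid} /boot ext2 relatime 0 2' >>/target/etc/fstab
	cat /target/etc/fstab
	@echo
	@echo '${crypt_label} UUID=${crypt_uuid} none luks' >/target/etc/crypttab
	cat /target/etc/crypttab
	@echo
	sed 's/mint/${hostname}/g' /etc/hosts >/target/etc/hosts
	sed 's/mint/${username}/g' /etc/mdm/mdm.conf >/target/etc/mdm/mdm.conf
	echo ${hostname} >/target/etc/hostname
	rm -f /target/etc/resolv.conf ## remove symlink
	cp /etc/resolv.conf /target/etc
	mkdir -p /target${tmpdir}
	cp Makefile /target${tmpdir}
	mount --bind /dev /target/dev
	touch $@

prep_chroot: _prep_chroot

# Run the "inside" target in the chroot, then unmount and close everything and
# drop the stamps of the steps that were undone.
# NOTE(review): the prerequisite is the phony "prep_chroot", so this recipe
# runs on every "make finalize" even when _finalize exists -- confirm that is
# intended.
_finalize: prep_chroot
# /target/_inside is /_inside within the chroot; its existence satisfies the
# _inside guard below so that "inside" is allowed to run there.
	touch -a /target/_inside
	chroot /target make -f ${tmpdir}/Makefile inside
# Do not leave the guard-defeating marker behind in the installed system.
	rm -f /target/_inside
	cp _* /target${tmpdir}
	-umount /target/dev
	rm -fv _prep_chroot
	-umount /target/boot
	-umount /target/${data_label}
	-umount /target
	rm -fv _mount
	-swapoff ${swap_device}
	rm -fv _swapon
	-vgchange -an ${crypt_label}
	rm -fv _lvm2
# Fixed: close the mapping under its configured name, not a hard-coded "crypt".
	-cryptsetup luksClose ${crypt_label}
	rm -fv _decrypt
	sync
	@echo
	@echo ' Ready for reboot!'
	@echo
	touch $@

finalize: _finalize

# Guard for "inside": this recipe only runs (and fails) when no file named
# _inside exists in the current directory, i.e. outside the prepared chroot.
_inside:
	@echo
	@echo 'Do not run "make inside", instead, run "make finalize"'
	@echo 'Aborting...'
	@echo
	false

# Executed by _finalize inside the chroot: replace the live user, lock root,
# configure keyboard/timezone, remove the live packages and install lvm2, the
# kernel and grub.
# NOTE(review): a failure halfway leaves /sys, /proc and /dev/pts mounted in
# the target, and a second run stops at "deluser" once the mint user is gone.
inside: _inside
	mount -t sysfs sys /sys
	mount -t proc proc /proc
	mount -t devpts pts /dev/pts
	deluser --remove-home mint
	adduser ${username}
	addgroup ${username} sudo
	passwd -l root
	dpkg --configure -a
	dpkg-reconfigure keyboard-configuration
	dpkg-reconfigure tzdata
	apt-get update
	apt-get --yes purge 'live-*'
	apt-get --yes install lvm2 ${kernel} ${extra_packages}
	update-grub
	grub-install ${grub_device}
	umount /dev/pts
	umount /proc
	umount /sys
	exit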