Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #start here: https://help.ubuntu.com/community/ManualFullSystemEncryption
- # This is a butchering of the script the guide gets you to run.
- # Made to be exactly what I want without any extras or prompts.
- #findPartitions # The various partitions.
- # I'm just manually entering what I want
- declare -gr DATA_PARTITION_CHOSEN=false
- declare -gr SWAP_PARTITION_CHOSEN=false
- declare -gr HIBERNATION_CHOSEN=${SWAP_PARTITION_CHOSEN}
- #declare -gr SWAP_PARTITION_SIZE=65536
- declare -gr PARTITION_SYSTEM=/dev/sdc1
- #PARTITION_ESP= this is EFI and so I don't need this
- # findBootloader # The bootloader.
- #declare -gr BOOTLOADER=/dev/??? #not sure I need this either
- # findPassphrases # The passphrases (and password note).
- declare -gr PASSPHRASE_SYSTEM=""
- #preInstallationProcess # Do the pre-installation
- # Encrypt the system partition.
- encryptPartition System ${PARTITION_SYSTEM} "${PASSPHRASE_SYSTEM}"
- # Unlock the system partition.
- unlockPartition System system ${PARTITION_SYSTEM} "${PASSPHRASE_SYSTEM}"
- setUpLvm System system # Set up the system LVM.
- setUpLogicalVolume Boot boot system 512M # Create /boot.
- formatVolume Boot system-boot ext4 boot # Format /boot.
- setUpLogicalVolume Root root system '100%FREE' # Create root.
- formatVolume Root system-root ext4 root # Format root.
- #runInstaller # Run the installer.
- echo "just manually run the installer and follow the guide"
- echo "https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessInstallUbuntu"
- read -rp 'Press Enter to continue once installer finished, or press Ctrl+C to cancel: '
- #---------------------------------------------------------------------------------------------------
- #-------- Functions --------------------------------------------------------------------------------
- #---------------------------------------------------------------------------------------------------
- function inputSummary ()
- {
- cat <<-END
- $Summary
- Partition ${PARTITION_SYSTEM} will be used for your System partition (root).
- Passphrase: ${PASSPHRASE_SYSTEM}
- Please check the details carefully before deciding whether or not to proceed.
- Are you sure that these details are correct?
- END
- # Confirm permission.
- local ANSWER=''
- read -rp "Type Y to proceed, or anything else to cancel, and press Enter: " ANSWER
- if [[ "${ANSWER,}" != 'y' ]]
- then
- echo
- echo 'Terminated. I did nothing.'
- echo
- exit 3 # Terminate if incorrect.
- fi
- } #inputSummary
- #---------------------------------------------------------------------------------------------------
- # Encrypt a partition
- #
- # Parameters
- # 1 Human-readable name for the partition
- # 2 The partition, e.g. /dev/sda2, nvme0n1p2
- # 3 The passphrase
- #---------------------------------------------------------------------------------------------------
- function encryptPartition ()
- {
- local -r HUMAN_NAME=${1}
- local -r PARTITION=${2}
- local -r PASSPHRASE="${3}"
- echo
- echo "Encrypting the ${HUMAN_NAME} partition..."
- # Encrypt the partition.
- echo -n "${PASSPHRASE}" | sudo cryptsetup luksFormat --hash=sha512 --key-size=512 --key-file=- ${PARTITION}
- local -ir RET=${?} # Catch the return code.
- (( RET )) && error "There was an error encrypting the ${HUMAN_NAME} partition." ${RET}
- } # encryptPartition
- #---------------------------------------------------------------------------------------------------
- # Unlock a partition
- #
- # Parameters
- # 1 Human-readable name for the partition
- # 2 Partition label
- # 3 The partition, e.g. /dev/sda2, /dev/nvme0n1p2
- # 4 The passphrase
- #---------------------------------------------------------------------------------------------------
- function unlockPartition ()
- {
- local -r HUMAN_NAME=${1}
- local -r LABEL=${2}
- local -r PARTITION=${3}
- local -r PASSPHRASE="${4}"
- echo
- echo "Unlocking the ${HUMAN_NAME} partition..."
- # Unlock the partition.
- echo -n "${PASSPHRASE}" | sudo cryptsetup open --type=luks --key-file=- ${PARTITION} ${LABEL}
- local -ir RET=${?} # Catch the return code.
- (( RET )) && error "There was an error unlocking the ${HUMAN_NAME} partition." ${RET}
- } # unlockPartition
- #---------------------------------------------------------------------------------------------------
- # Set up LVM for the partition.
- #
- # Parameters
- # 1 Human-readable name for the partition
- # 2 Partition label
- #---------------------------------------------------------------------------------------------------
- function setUpLvm ()
- {
- local -r HUMAN_NAME=${1}
- local -r LABEL=${2}
- echo
- echo "Set up ${HUMAN_NAME} physical volume for ${LABEL}..."
- sudo pvcreate /dev/mapper/${LABEL} # Initialise the physical volume.
- local -i RET=${?} # Catch the return code.
- (( RET )) && error "There was an error initialising the physical volume for LVM on the ${HUMAN_NAME} partition." ${RET}
- echo
- echo "Set up ${HUMAN_NAME} volume group for ${LABEL}..."
- sudo vgcreate ${LABEL} /dev/mapper/${LABEL} # Set up the volume group.
- RET=${?} # Catch the return code.
- (( RET )) && error "There was an error setting up the volume group for LVM on the ${HUMAN_NAME} partition." ${RET}
- } # setUpLvm
- #---------------------------------------------------------------------------------------------------
- # Set up the logical volume for a partition.
- #
- # Parameters
- # 1 Human-readable name for the partition
- # 2 Partition label
- # 3 Partition to set up
- # 4 Size, including the modifier, e.g. 512M and 100%FREE
- #---------------------------------------------------------------------------------------------------
- function setUpLogicalVolume ()
- {
- local -r HUMAN_NAME=${1} # Human-readable name.
- local -r LABEL=${2} # The logical volumne name.
- local -r PARTITION=${3} # The partition where to create it.
- local -r SIZE=${4} # The required size.
- echo
- echo "Set up logical volume ${HUMAN_NAME} for ${LABEL} in ${PARTITION} size ${SIZE}..."
- if [[ ${SIZE} == '100%FREE' ]]
- then
- local -r OPTION=extents
- else
- local -r OPTION=size
- fi
- sudo lvcreate --${OPTION}=${SIZE} --name=${LABEL} ${PARTITION}
- local -i RET=${?} # Catch the return code.
- (( RET )) && error "There was an error initialising the logical volume for LVM on the ${HUMAN_NAME} partition." ${RET}
- } # setUpLogicalVolume
- #---------------------------------------------------------------------------------------------------
- # Format a volume.
- #
- # Parameters
- # 1 Human-readable name for the partition
- # 2 Partition to be formatted
- # 3 Type of format, specifically swap or ext4
- # 4 Lbel for the partition
- #---------------------------------------------------------------------------------------------------
- function formatVolume ()
- {
- local -r HUMAN_NAME="${1}"
- local -r PARTITION=${2}
- local -r TYPE=${3}
- local -r LABEL="${4}"
- echo
- echo "Format ${HUMAN_NAME} partition ${PARTITION} (${LABEL}) as ${TYPE}..."
- # Format the partition.
- if [[ ${TYPE} == 'swap' ]]
- then
- sudo mkswap --label=${LABEL} /dev/mapper/${PARTITION}
- else
- sudo mkfs.ext4 -L ${LABEL} /dev/mapper/${PARTITION}
- fi
- local -ir RET=${?} # Catch the return code.
- (( RET )) && error "Error formatting the ${HUMAN_NAME} partition in ${PARTITION}." ${RET}
- } # formatVolume
- postInstallationProcess # Do the post-installation work.
- go to https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessCheckAndFinalise
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
