Skip to content

Instantly share code, notes, and snippets.

@mauricioprado00

mauricioprado00/Clone-Kubuntu-Encrypted.sh

Last active March 9, 2023 22:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mauricioprado00/6ea2a43c36f6cc581b42c4b9464494b5 to your computer and use it in GitHub Desktop.
Save mauricioprado00/6ea2a43c36f6cc581b42c4b9464494b5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Clone-Kubuntu-Encrypted.sh
original_device=/dev/sdb
copy_device=/dev/nvme0n1
function get_partition_prefix
{
local device="$1"
ls ${device}* | grep -v '^'${device}'$' | sort | head -n1 | sed 's#[0-9]$##g'
}
function get_password
{
local dev="$1"
local password
local confirm
echo -n "Please provide a password for the encrypted device {$dev}: " 1>&2
read -s password
echo 1>&2
echo -n ${password}
printf "${password}" | cryptsetup luksOpen --test-passphrase ${dev}
}
function get_deviceid
{
local dev="$1"
local UUID
eval $(blkid "${dev}" | tr ' ' '\n' | grep '^UUID')
echo $UUID
}
encryption_password=$(get_password ${original_device}3)
original_partition=$(get_partition_prefix ${original_device})
copy_partition=$(get_partition_prefix ${copy_device})
original_deviceid=$(get_deviceid ${original_partition}3)
copy_deviceid=$(get_deviceid ${copy_partition}3)
crypt_name=$(basename ${original_partition})3_crypt
# from https://askubuntu.com/questions/719409/how-to-reinstall-grub-from-a-liveusb-if-the-partition-is-encrypted-and-there-i
# and https://wiki.debian.org/GrubEFIReinstall
# This is not a cli-script, it's an interactive detail of steps to be executed in your commandline
# assuming that originl device is ${original_device} and target device is ${copy_device} and they are of different size.
# if they are the same size then you can just use dd to clone.
# Target is to create: fdisk -l
# Device Start End Sectors Size Type
# ${copy_device}1 2048 1050623 1048576 512M EFI System
# ${copy_device}2 1050624 4550655 3500032 1,7G Linux filesystem
# ${copy_device}3 4550656 976773119 972222464 463,6G Linux filesystem
#
# more detailed information of the configuration can be obtained with
# sfdisk -d ${original_device}
# label: gpt
# label-id: 497F7EBE-6252-4EA3-B6ED-DB5C73EFA55A
# device: ${original_device}
# unit: sectors
# first-lba: 34
# last-lba: 1000215182
# sector-size: 512
#
# ${original_device}p1 : start= 2048, size= 1048576, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=F3C23FAA-966B-42E7-8FAF-DACA3D30F3AF, name="EFI System Partition"
# ${original_device}p2 : start= 1050624, size= 3500032, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=B02AE055-0CD0-44AF-B187-1617C4C12DFD
# ${original_device}p3 : start= 4550656, size= 995663872, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=36E282E0-D31D-46A4-AFCF-40E5BD422B6C
#
# where ${copy_device}3 is encrypted and contains an LVM system.
# get configuration for nvme0n1
sfdisk -d ${original_device} | \
grep -v last-lba `# ignore size of disk` | \
head -n -1 `# ignore last partition because we dont know its size ` |\
grep -v 'device:' |\
grep -v 'label-id:' |\
sed 's#/dev/.*:# :#g' `# rename disk` \
> /tmp/sda.sfdisk
# create the two first partitions (efi + boot)
sfdisk ${copy_device} < /tmp/sda.sfdisk
# get the last partition end, in sectors, because that way there is no roundig loss
set -- $(parted ${copy_device} unit s print | grep '^ [0-9]' | sed 's#[^0-9 ]##g' | tail -n1)
# ^ unit accepts MB, MiB, etc
# docs https://www.gnu.org/software/parted/manual/parted.html
start=$(($3 + 1))
parted ${copy_device} mkpart primary ext4 ${start}s 100%
# ^ unit, accepts MB, MiB
# shound't be necessary, but just in case
parted ${copy_device} set 1 boot on
parted ${copy_device} set 1 esp
# New info: Information: You may need to update /etc/fstab.!!!!!!!!!!!!!!!!!!!
# format partitions, a bit useless if will be later overwritten, but well
yes | mkfs.fat -F32 ${copy_partition}1
yes | mkfs.ext4 ${copy_partition}2
# copy efi and boot partitions into target
dd if=${original_partition}1 bs=10M of=${copy_partition}1
dd if=${original_partition}2 bs=10M of=${copy_partition}2
sync
# get the size of the disk in bytes
#disk_size=$(blockdev --getsize64 ${copy_device})
# create encrypted disk, provide password, this will erase everything in sda3
cryptsetup luksFormat ${copy_partition}3
# echo -n "${password}" | cryptsetup luksFormat ${copy_partition}3
# create the mapper device /dev/mapper/${crypt_name}
cryptsetup open ${copy_partition}3 ${crypt_name}
# see LVM INFO
# lvscan
# pvdisplay
# vgdisplay
# lvdisplay
# create phisical volume
pvcreate /dev/mapper/${crypt_name}
# create volume group
vgcreate vgkubuntunew /dev/mapper/${crypt_name}
# select group to work
vgchange -ay vgkubuntunew
# create the swap disk of the size of ram (free -h)
lvcreate -L8G -n swap_1 vgkubuntunew /dev/mapper/${crypt_name}
# create the main partition with the remaining content
lvcreate -l 100%FREE -n root vgkubuntunew /dev/mapper/${crypt_name}
# format ext4
yes | mkfs.ext4 /dev/vgkubuntunew/root
# mount the new system
mkdir /media/new-kubuntu-root
mount /dev/vgkubuntunew/root /media/new-kubuntu-root
# rsync -avxHAX --progress /media/original-kubuntu-root --exclude={"/media/original-kubuntu-root/dev/*","/media/original-kubuntu-root/proc/*","/media/original-kubuntu-root/sys/*","/media/original-kubuntu-root/tmp/*","/media/original-kubuntu-root/run/*","/media/original-kubuntu-root/mnt/*","/media/original-kubuntu-root/media/*","/media/original-kubuntu-root/lost+found"} /media/new-kubuntu-root
# mv /media/new-kubuntu-root/original-kubuntu-root/* /media/new-kubuntu-root/
# rmdir /media/new-kubuntu-root/original-kubuntu-root
rsync -avxHAWX --progress / --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} /media/new-kubuntu-root
sed -i 's#UUID=[0-9a-zA-Z-]\+#UUID='${copy_deviceid}'#g' /media/new-kubuntu-root/etc/crypttab
# must restart and open only the copied device and do
vgrename vgkubuntunew vgkubuntu
# select group to work
vgchange -ay vgkubuntunew
modprobe efivars
# mount boot from device's partition
mkdir /media/new-kubuntu-root/boot/
mount ${copy_partition}2 /media/new-kubuntu-root/boot/
# mount efi from device's partition
mount ${copy_partition}1 /media/new-kubuntu-root/boot/efi
# mount linux special systems
mount --bind /dev /media/new-kubuntu-root/dev
mount --bind /dev/pts /media/new-kubuntu-root/dev/pts
mount --bind /proc /media/new-kubuntu-root/proc
mount --bind /sys /media/new-kubuntu-root/sys
mount --bind /sys/firmware/efi/efivars /media/new-kubuntu-root/sys/firmware/efi/efivars
# run chroot son new system
#chroot /media/new-kubuntu-root
# reinstall grub
chroot /media/new-kubuntu-root apt-get -y purge grub\*
chroot /media/new-kubuntu-root apt-get -y install grub-efi
chroot /media/new-kubuntu-root apt-get -y autoremove
chroot /media/new-kubuntu-root apt-get install --reinstall -y grub-efi-amd64
chroot /media/new-kubuntu-root grub-install ${original_device}
chroot /media/new-kubuntu-root update-grub
chroot /media/new-kubuntu-root update-initramfs -u -k all
# new info
#dpkg: error processing package shim-signed (--configure):
# dependency problems - leaving triggers unprocessed
#Errors were encountered while processing:
# grub-efi-amd64-signed
# shim-signed
#E: Sub-process /usr/bin/dpkg returned an error code (1)
# exit chroot
#exit
# unmount all
umount /media/new-kubuntu-root/dev/pts
umount /media/new-kubuntu-root/dev
umount /media/new-kubuntu-root/proc
umount /media/new-kubuntu-root/sys/firmware/efi/efivars
umount /media/new-kubuntu-root/sys
umount /media/new-kubuntu-root/boot/efi/
umount /media/new-kubuntu-root/boot/
umount /media/new-kubuntu-root/
# https://linux-blog.anracom.com/2018/11/08/cryptsetup-close-not-working-for-lvm-on-luks-device-busy/
dmsetup info -C
vgchange -a n vgkubuntu
dmsetup info -C
# close encrypted partition
cryptsetup luksClose ${crypt_name}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment