Created
August 31, 2017 12:52
-
-
Save r0xsh/622f11f0a4476d2244fe6917ef6fb8dd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DEVICE="/dev/sda" | |
KEYMAP="fr-pc" | |
# Clean du disk et convert to GPT format | |
sgdisk -og $DEVICE > /dev/null | |
# Define les sizeblocks | |
ST_EFI=2048 | |
EN_EFI=$(((512 * 2 * 1024) + $ST_EFI)) | |
ST_ROOT=$(($EN_EFI + 1)) | |
EN_ROOT=$(((40960 * 2 * 1024) + $ST_ROOT)) | |
ST_VAR=$(($EN_ROOT + 1)) | |
EN_VAR=$(((12288 * 2 * 1024) + $ST_VAR)) | |
ST_SWAP=$(($EN_VAR + 1)) | |
EN_SWAP=$(((8192 * 2 * 1024) + $ST_SWAP)) | |
echo "Disk setup..." | |
# Partition du disk | |
sgdisk -n 1:$ST_EFI:$EN_EFI -c 1:"EFI BOOT" -t 1:ef00 $DEVICE > /dev/null | |
sgdisk -n 2:$ST_ROOT:$EN_ROOT -c 2:"Linux /" -t 2:8304 $DEVICE > /dev/null | |
sgdisk -n 3:$ST_VAR:$EN_VAR -c 3:"Linux /var" -t 3:8300 $DEVICE > /dev/null | |
sgdisk -n 4:$ST_SWAP:$EN_SWAP -c 4:"SWAP" -t 4:8200 $DEVICE > /dev/null | |
sgdisk --largest-new=5 -c 5:"Linux /home" -t 5:8302 $DEVICE > /dev/null | |
sgdisk -p $DEVICE | |
echo "Filesystem setup..." | |
# Create le fichier de crypt | |
dd if=/dev/urandom of=${HOME}/cryptfile bs=1024 count=7 > /dev/null | |
# Crypt et demande le mot de passe de boot | |
loadkeys -d | |
askpwsd: | |
read -s -p "Enter Password: " pwsd | |
read -s -p "Enter Password: " pwsd2 | |
if [ $pwsd != $pwsd ]; then | |
echo "Password not matching !" | |
goto askpwsd:; | |
fi | |
echo "Encrypt..." | |
# / | |
echo -n $pwsd | cryptsetup --batch-mode --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat ${DEVICE}2 | |
# /var | |
cryptsetup --batch-mode --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat ${DEVICE}3 ${HOME}/cryptfile | |
# /home | |
cryptsetup --batch-mode --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat ${DEVICE}5 ${HOME}/cryptfile | |
echo -n $pwsd | cryptsetup luksOpen ${DEVICE}2 cryptroot | |
cryptsetup --key-file ${HOME}/cryptfile luksOpen ${DEVICE}3 cryptvar | |
cryptsetup --key-file ${HOME}/cryptfile luksOpen ${DEVICE}5 crypthome | |
loadkeys $KEYMAP | |
# Format des partitions | |
mkfs.fat -F32 ${DEVICE}1 > /dev/null | |
mkfs.xfs -f /dev/mapper/cryptroot > /dev/null | |
mkfs.xfs -f /dev/mapper/cryptvar > /dev/null | |
mkswap ${DEVICE}4 > /dev/null | |
mkfs.xfs -f /dev/mapper/crypthome > /dev/null | |
# Montage des partitions | |
mount /dev/mapper/cryptroot /mnt | |
mkdir -p /mnt/{boot,var,home} | |
mount /dev/mapper/cryptvar /mnt/var | |
mount /dev/mapper/crypthome /mnt/home | |
mount ${DEVICE}1 /mnt/boot | |
swapon ${DEVICE}4 | |
# Installation du system | |
pacstrap /mnt base base-devel | |
# Copie du fichier de cryptage | |
cp ${HOME}/cryptfile /mnt/etc/cryptfile | |
echo -e "swap\t`blkid ${DEVICE}4 -o export | grep UUID`\t/dev/urandom\tswap,cipher=aes-cbc-essiv:sha256,size=256" >> /mnt/etc/crypttab | |
echo -e "var\t`blkid ${DEVICE}3 -o export | grep UUID`\t/etc/cryptfile" >> /mnt/etc/crypttab | |
echo -e "home\t`blkid ${DEVICE}5 -o export | grep UUID`\t/etc/cryptfile" >> /mnt/etc/crypttab |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment