scaery/postinstall.sh

## postinstall.sh
#!/bin/bash

dd if=/dev/urandom of=/boot/grub/map.pc bs=1024 count=4
chmod 0400 /boot/grub/map.pc

# d-i quick'n dirty fix for luks with custom specified keyfile in slot 0
echo '0123456789' | cryptsetup luksAddKey /dev/sda5 /boot/grub/map.pc
echo '0123456789' | cryptsetup luksRemoveKey /dev/sda5
cryptsetup luksAddKey --key-file /boot/grub/map.pc --key-slot 0 /dev/sda5 /boot/grub/map.pc
cryptsetup luksKillSlot --key-file /boot/grub/map.pc /dev/sda5 1

sed -i "s/none/\/boot\/grub\/map.pc/g" /etc/crypttab
sed -i "s/discard/discard,key-slot=0/g" /etc/crypttab

echo 'KEYFILE_PATTERN="/boot/grub/map.pc"' >> /etc/cryptsetup-initramfs/conf-hook
echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
update-initramfs -u

echo 'GRUB_ENABLE_CRYPTODISK="y"' >> /etc/default/grub
update-grub
	#!/bin/bash

	dd if=/dev/urandom of=/boot/grub/map.pc bs=1024 count=4
	chmod 0400 /boot/grub/map.pc

	# d-i quick'n dirty fix for luks with custom specified keyfile in slot 0
	echo '0123456789' \| cryptsetup luksAddKey /dev/sda5 /boot/grub/map.pc
	echo '0123456789' \| cryptsetup luksRemoveKey /dev/sda5
	cryptsetup luksAddKey --key-file /boot/grub/map.pc --key-slot 0 /dev/sda5 /boot/grub/map.pc
	cryptsetup luksKillSlot --key-file /boot/grub/map.pc /dev/sda5 1

	sed -i "s/none/\/boot\/grub\/map.pc/g" /etc/crypttab
	sed -i "s/discard/discard,key-slot=0/g" /etc/crypttab

	echo 'KEYFILE_PATTERN="/boot/grub/map.pc"' >> /etc/cryptsetup-initramfs/conf-hook
	echo "UMASK=0077" >> /etc/initramfs-tools/initramfs.conf
	update-initramfs -u

	echo 'GRUB_ENABLE_CRYPTODISK="y"' >> /etc/default/grub
	update-grub