From 93fb7f3ee51c8bcaee6dac9a2d31e0e7cf6b3c77 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:10:54 +0000 Subject: Feature: #28 being worked on --- archinstall.py | 50 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/archinstall.py b/archinstall.py index 725d05ee..06e51300 100644 --- a/archinstall.py +++ b/archinstall.py @@ -781,6 +781,7 @@ def setup_args_defaults(args, interactive=True): if not 'password' in args: args['password'] = '0000' # Default disk passord, can be or a fixed string if not 'default' in args: args['default'] = False if not 'profile' in args: args['profile'] = None + if not 'skip-encrypt' in args: args['skip-encrypt'] = False if not 'profiles-path' in args: args['profiles-path'] = profiles_path if not 'rerun' in args: args['rerun'] = None if not 'aur-keep' in args: args['aur-keep'] = False @@ -902,7 +903,7 @@ def encrypt_partition(drive, partition, keyfile='/tmp/diskpw', *positionals, **k return True def mkfs_btrfs(drive='/dev/mapper/luksdev', *positionals, **kwargs): - o = b''.join(sys_command('/usr/bin/mkfs.btrfs -f /dev/mapper/luksdev')) + o = b''.join(sys_command(f'/usr/bin/mkfs.btrfs -f {drive}')) if not b'UUID' in o: return False return True @@ -915,6 +916,17 @@ def mount_luksdev(where='/dev/mapper/luksdev', to='/mnt', *positionals, **kwargs o = b''.join(sys_command('/usr/bin/mount /dev/mapper/luksdev /mnt', *positionals, **kwargs)) return True +def mount_part(drive, partition, mountpoint='/mnt', *positionals, **kwargs): + os.makedirs(mountpoint, exist_ok=True) + #o = b''.join(sys_command('/usr/bin/mount | /usr/bin/grep /mnt/boot', *positionals, **kwargs)) # /dev/dm-0 + + check_mounted = simple_command(f'/usr/bin/mount | /usr/bin/grep {mountpoint}', *positionals, **kwargs).decode('UTF-8').strip() + if len(check_mounted): + return False + + o = b''.join(sys_command(f'/usr/bin/mount {drive}{partition} {mountpoint}', *positionals, **kwargs)) + return True + def mount_boot(drive, partition, mountpoint='/mnt/boot', *positionals, **kwargs): os.makedirs('/mnt/boot', exist_ok=True) #o = b''.join(sys_command('/usr/bin/mount | /usr/bin/grep /mnt/boot', *positionals, **kwargs)) # /dev/dm-0 @@ -926,11 +938,13 @@ def mount_boot(drive, partition, mountpoint='/mnt/boot', *positionals, **kwargs) o = b''.join(sys_command(f'/usr/bin/mount {drive}{partition} {mountpoint}', *positionals, **kwargs)) return True -def mount_mountpoints(drive, bootpartition, mountpoint='/mnt/boot', *positionals, **kwargs): +def mount_mountpoints(drive, bootpartition, mountpoint='/mnt', *positionals, **kwargs): drive = args[drive] - bootpartition = args['partitions'][bootpartition] - mount_luksdev(*positionals, **kwargs) - mount_boot(drive, bootpartition, mountpoint='/mnt/boot', *positionals, **kwargs) + if args['skip-encrypt']: + mount_part(drive, args['partitions']["2"], mountpoint, *positionals, **kwargs) + else: + mount_luksdev(*positionals, **kwargs) + mount_boot(drive, args['partitions'][bootpartition], mountpoint=f'{mountpoint}/boot', *positionals, **kwargs) return True def re_rank_mirrors(top=10, *positionals, **kwargs): @@ -1190,20 +1204,26 @@ if __name__ == '__main__': print(f'[E] Could not setup {args["drive"]}{args["partitions"]["1"]}') exit(1) - # "--cipher sha512" breaks the shit. - # TODO: --use-random instead of --use-urandom - print(f'[N] Adding encryption to {args["drive"]}{args["partitions"]["2"]}.') - if not encrypt_partition('drive', '2', 'pwfile'): - print('[E] Failed to setup disk encryption.', o) - exit(1) + if not args['skip-encrypt']: + # "--cipher sha512" breaks the shit. + # TODO: --use-random instead of --use-urandom + print(f'[N] Adding encryption to {args["drive"]}{args["partitions"]["2"]}.') + if not encrypt_partition('drive', '2', 'pwfile'): + print('[E] Failed to setup disk encryption.', o) + exit(1) - if not mount_luktsdev('drive', '2', 'pwfile'): - print('[E] Could not open encrypted device.', o) - exit(1) + if not args['skip-encrypt']: + if not mount_luktsdev('drive', '2', 'pwfile'): + print('[E] Could not open encrypted device.', o) + exit(1) if not args['rerun'] or args['ignore-rerun']: print(f'[N] Creating btrfs filesystem inside {args["drive"]}{args["partitions"]["2"]}') - if not mkfs_btrfs(): + + on_part = '/dev/mapper/luksdev' + if args['skip-encrypt']: + on_part = f'{args["drive"]}/{args["partitions"]["2"]}' + if not mkfs_btrfs(on_part): print('[E] Could not setup btrfs filesystem.', o) exit(1) -- cgit v1.2.3-70-g09d2 From 375976b7ce75c6309ddb06c5bd29d781dbb54fd6 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:14:53 +0000 Subject: Debugging --- archinstall.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/archinstall.py b/archinstall.py index 06e51300..c4b21b9d 100644 --- a/archinstall.py +++ b/archinstall.py @@ -903,7 +903,9 @@ def encrypt_partition(drive, partition, keyfile='/tmp/diskpw', *positionals, **k return True def mkfs_btrfs(drive='/dev/mapper/luksdev', *positionals, **kwargs): + print('On drive:', drive) o = b''.join(sys_command(f'/usr/bin/mkfs.btrfs -f {drive}')) + print(o) if not b'UUID' in o: return False return True @@ -1179,9 +1181,10 @@ if __name__ == '__main__': # with open(args['pwfile'], 'r') as pw: # PIN = pw.read().strip() - print() - print('[!] Disk PASSWORD is: {}'.format(args['password'])) - print() + if not args['skip-encrypt']: + print() + print('[!] Disk PASSWORD is: {}'.format(args['password'])) + print() if not args['rerun'] or args['ignore-rerun']: for i in range(5, 0, -1): @@ -1224,7 +1227,7 @@ if __name__ == '__main__': if args['skip-encrypt']: on_part = f'{args["drive"]}/{args["partitions"]["2"]}' if not mkfs_btrfs(on_part): - print('[E] Could not setup btrfs filesystem.', o) + print('[E] Could not setup btrfs filesystem.') exit(1) mount_mountpoints('drive', '1') -- cgit v1.2.3-70-g09d2 From 0dbd44e253756b4604bf20ab8c87b1b251b938c4 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:15:31 +0000 Subject: Debugging --- archinstall.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archinstall.py b/archinstall.py index c4b21b9d..a2e65312 100644 --- a/archinstall.py +++ b/archinstall.py @@ -1225,7 +1225,7 @@ if __name__ == '__main__': on_part = '/dev/mapper/luksdev' if args['skip-encrypt']: - on_part = f'{args["drive"]}/{args["partitions"]["2"]}' + on_part = f'{args["drive"]}{args["partitions"]["2"]}' if not mkfs_btrfs(on_part): print('[E] Could not setup btrfs filesystem.') exit(1) -- cgit v1.2.3-70-g09d2 From 8cc90ad8741bef833858470d4388544489f98d9e Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:16:05 +0000 Subject: Feature: #28 - Testing phase --- archinstall.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/archinstall.py b/archinstall.py index a2e65312..899566c8 100644 --- a/archinstall.py +++ b/archinstall.py @@ -903,9 +903,7 @@ def encrypt_partition(drive, partition, keyfile='/tmp/diskpw', *positionals, **k return True def mkfs_btrfs(drive='/dev/mapper/luksdev', *positionals, **kwargs): - print('On drive:', drive) o = b''.join(sys_command(f'/usr/bin/mkfs.btrfs -f {drive}')) - print(o) if not b'UUID' in o: return False return True -- cgit v1.2.3-70-g09d2 From 1aec07f82944978ff473336a9919e8b72b1da94d Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:23:55 +0000 Subject: Feature: #28 - Fixing the booatloader config when disk ain't encrypted --- archinstall.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/archinstall.py b/archinstall.py index 899566c8..1cc42255 100644 --- a/archinstall.py +++ b/archinstall.py @@ -1017,7 +1017,10 @@ def setup_bootloader(*positionals, **kwargs): entry.write('title Arch Linux\n') entry.write('linux /vmlinuz-linux\n') entry.write('initrd /initramfs-linux.img\n') - entry.write('options cryptdevice=UUID={UUID}:luksdev root=/dev/mapper/luksdev rw intel_pstate=no_hwp\n'.format(UUID=UUID)) + if args['skip-encrypt']: + entry.write('options root=PARTUUID={UUID} rw intel_pstate=no_hwp\n'.format(UUID=UUID)) + else: + entry.write('options cryptdevice=UUID={UUID}:luksdev root=/dev/mapper/luksdev rw intel_pstate=no_hwp\n'.format(UUID=UUID)) return True -- cgit v1.2.3-70-g09d2 From 70c811e2bcc5a5492b230021c8de41b0c2368956 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:50:05 +0000 Subject: Feature: #28 - Fixing the booatloader config when disk ain't encrypted --- archinstall.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/archinstall.py b/archinstall.py index 1cc42255..e0c42a04 100644 --- a/archinstall.py +++ b/archinstall.py @@ -1012,14 +1012,16 @@ def setup_bootloader(*positionals, **kwargs): ## For some reason, blkid and /dev/disk/by-uuid are not getting along well. ## And blkid is wrong in terms of LUKS. #UUID = sys_command('blkid -s PARTUUID -o value {drive}{partition_2}'.format(**args)).decode('UTF-8').strip() - UUID = simple_command(f"ls -l /dev/disk/by-uuid/ | grep {os.path.basename(args['drive'])}{args['partitions']['2']} | awk '{{print $9}}'").decode('UTF-8').strip() with open('/mnt/boot/loader/entries/arch.conf', 'w') as entry: entry.write('title Arch Linux\n') entry.write('linux /vmlinuz-linux\n') entry.write('initrd /initramfs-linux.img\n') if args['skip-encrypt']: + ## NOTE: We could use /dev/disk/by-partuuid but blkid does the same and a lot cleaner + UUID = simple_command(f"blkid -s PARTUUID -o value /dev/{os.path.basename(args['drive'])}{args['partitions']['2']}").decode('UTF-8').strip() entry.write('options root=PARTUUID={UUID} rw intel_pstate=no_hwp\n'.format(UUID=UUID)) else: + UUID = simple_command(f"ls -l /dev/disk/by-uuid/ | grep {os.path.basename(args['drive'])}{args['partitions']['2']} | awk '{{print $9}}'").decode('UTF-8').strip() entry.write('options cryptdevice=UUID={UUID}:luksdev root=/dev/mapper/luksdev rw intel_pstate=no_hwp\n'.format(UUID=UUID)) return True -- cgit v1.2.3-70-g09d2 From 72e6eb4567d0287b233ab758b30607d54f29a80a Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Thu, 28 Nov 2019 00:56:17 +0000 Subject: Feature: #28 - Tested and works --- archinstall.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/archinstall.py b/archinstall.py index e0c42a04..a7d46211 100644 --- a/archinstall.py +++ b/archinstall.py @@ -1184,10 +1184,12 @@ if __name__ == '__main__': # with open(args['pwfile'], 'r') as pw: # PIN = pw.read().strip() + print() if not args['skip-encrypt']: - print() - print('[!] Disk PASSWORD is: {}'.format(args['password'])) - print() + print('[!] Disk & root PASSWORD is: {}'.format(args['password'])) + else: + print('[!] root PASSWORD is: {}'.format(args['password'])) + print() if not args['rerun'] or args['ignore-rerun']: for i in range(5, 0, -1): -- cgit v1.2.3-70-g09d2