x/archery
1
0
Fork 0
mirror of https://gitlab.com/prism7/archery.git synced 2026-04-28 01:17:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change: 'LUKS encryption' stage : Code cleanup

Browse Source
This commit is contained in:
Jane Doe
2025-11-23 16:33:09 +02:00
parent 18c7758122
commit e4d3547fcb
1 changed files with 43 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Amelia.sh
+43 -62
View File
@@ -2,7 +2,7 @@
# Amelia Installer # Amelia Installer
# Source: https://gitlab.com/prism7/archery # Source: https://gitlab.com/prism7/archery
# Version: 1.0.13 # Version: 1.0.14
set -euo pipefail set -euo pipefail
################################################################################################### ###################################################################################################
@@ -4772,12 +4772,6 @@ Re-enter password: "
reload reload
return 1 return 1
fi fi
if [[ "${sep_home}" == "y" && "${hometype}" == "2" ]]; then
homecrypt="no"
elif [[ "${sep_home}" == "y" && "${hometype}" == "1" ]]; then
homecrypt="yes"
fi
ok ok
else else
yes_no yes_no
@@ -5956,15 +5950,15 @@ ${magenta}###${nc}-------------------------------------${magenta}[ ${bwhite}LUKS
" "
if echo -n "${CRYPTPASS}" | cryptsetup luksFormat --label CRYPTROOT "${root_dev}" > "${void}"; then if echo -n "${CRYPTPASS}" | cryptsetup luksFormat --label CRYPTROOT "${root_dev}" > "${void}"; then
if [[ "${rota}" == "0" ]]; then if [[ "${rota}" == "0" ]]; then
echo -n "${CRYPTPASS}" | cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent luksOpen "${root_dev}" CryptRoot || err_abort echo -n "${CRYPTPASS}" | cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent luksOpen "${root_dev}" root || err_abort
else else
echo -n "${CRYPTPASS}" | cryptsetup luksOpen "${root_dev}" CryptRoot || err_abort echo -n "${CRYPTPASS}" | cryptsetup luksOpen "${root_dev}" root || err_abort
fi fi
#------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------
if [[ "${fs}" == "1" ]]; then if [[ "${fs}" == "1" ]]; then
mkfs.ext4 -F -L CryptRoot /dev/mapper/CryptRoot > "${void}" 2> "${log}" || err_abort mkfs.ext4 -F -L Root /dev/mapper/root > "${void}" 2> "${log}" || err_abort
tune2fs -O fast_commit /dev/mapper/CryptRoot > "${void}" 2> "${log}" || err_abort tune2fs -O fast_commit /dev/mapper/root > "${void}" 2> "${log}" || err_abort
mount /dev/mapper/CryptRoot /mnt > "${void}" 2> "${log}" || err_abort mount /dev/mapper/root /mnt > "${void}" 2> "${log}" || err_abort
sleep 0.2 sleep 0.2
NC " NC "
==> [${green}Encrypted /Root OK${nc}] ==> [${green}Encrypted /Root OK${nc}]
@@ -5972,8 +5966,8 @@ ${magenta}###${nc}-------------------------------------${magenta}[ ${bwhite}LUKS
luks_root="ok" luks_root="ok"
#------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------
elif [[ "${fs}" == "2" ]]; then elif [[ "${fs}" == "2" ]]; then
mkfs.btrfs -f -L CryptRoot /dev/mapper/CryptRoot > "${void}" 2> "${log}" || err_abort mkfs.btrfs -f -L Root /dev/mapper/root > "${void}" 2> "${log}" || err_abort
mount /dev/mapper/CryptRoot /mnt > "${void}" 2> "${log}" || err_abort mount /dev/mapper/root /mnt > "${void}" 2> "${log}" || err_abort
btrfs subvolume create /mnt/@ > "${void}" 2> "${log}" || err_abort btrfs subvolume create /mnt/@ > "${void}" 2> "${log}" || err_abort
btrfs subvolume create /mnt/@home > "${void}" 2> "${log}" || err_abort btrfs subvolume create /mnt/@home > "${void}" 2> "${log}" || err_abort
btrfs subvolume create /mnt/@cache > "${void}" 2> "${log}" || err_abort btrfs subvolume create /mnt/@cache > "${void}" 2> "${log}" || err_abort
@@ -5984,14 +5978,14 @@ ${magenta}###${nc}-------------------------------------${magenta}[ ${bwhite}LUKS
btrfs subvolume create /mnt/@swap > "${void}" 2> "${log}" || err_abort btrfs subvolume create /mnt/@swap > "${void}" 2> "${log}" || err_abort
fi fi
umount /mnt > "${void}" 2> "${log}" || err_abort umount /mnt > "${void}" 2> "${log}" || err_abort
mount -o "${sbvl_mnt_opts}",subvol=@ /dev/mapper/CryptRoot /mnt > "${void}" 2> "${log}" || err_abort mount -o "${sbvl_mnt_opts}",subvol=@ /dev/mapper/root /mnt > "${void}" 2> "${log}" || err_abort
mount --mkdir -o "${sbvl_mnt_opts}",subvol=@home /dev/mapper/CryptRoot /mnt/home > "${void}" 2> "${log}" || err_abort mount --mkdir -o "${sbvl_mnt_opts}",subvol=@home /dev/mapper/root /mnt/home > "${void}" 2> "${log}" || err_abort
mount --mkdir -o "${sbvl_mnt_opts}",subvol=@cache /dev/mapper/CryptRoot /mnt/var/cache > "${void}" 2> "${log}" || err_abort mount --mkdir -o "${sbvl_mnt_opts}",subvol=@cache /dev/mapper/root /mnt/var/cache > "${void}" 2> "${log}" || err_abort
mount --mkdir -o "${sbvl_mnt_opts}",subvol=@log /dev/mapper/CryptRoot /mnt/var/log > "${void}" 2> "${log}" || err_abort mount --mkdir -o "${sbvl_mnt_opts}",subvol=@log /dev/mapper/root /mnt/var/log > "${void}" 2> "${log}" || err_abort
mount --mkdir -o "${sbvl_mnt_opts}",subvol=@tmp /dev/mapper/CryptRoot /mnt/var/tmp > "${void}" 2> "${log}" || err_abort mount --mkdir -o "${sbvl_mnt_opts}",subvol=@tmp /dev/mapper/root /mnt/var/tmp > "${void}" 2> "${log}" || err_abort
mount --mkdir -o "${sbvl_mnt_opts}",subvol=@snapshots /dev/mapper/CryptRoot /mnt/"${snapname}" > "${void}" 2> "${log}" || err_abort mount --mkdir -o "${sbvl_mnt_opts}",subvol=@snapshots /dev/mapper/root /mnt/"${snapname}" > "${void}" 2> "${log}" || err_abort
if [[ "${swapmode}" == "2" ]]; then if [[ "${swapmode}" == "2" ]]; then
mount --mkdir -o "${sbvl_mnt_opts}",subvol=@swap /dev/mapper/CryptRoot /mnt/swap > "${void}" 2> "${log}" || err_abort mount --mkdir -o "${sbvl_mnt_opts}",subvol=@swap /dev/mapper/root /mnt/swap > "${void}" 2> "${log}" || err_abort
fi fi
sleep 0.2 sleep 0.2
NC " NC "
@@ -6010,11 +6004,11 @@ ${magenta}###${nc}-------------------------------------${magenta}[ ${bwhite}LUKS
line2 line2
if echo -n "${CRYPTPASS}" | cryptsetup luksFormat --label CRYPTSWAP "${swap_dev}" > "${void}"; then if echo -n "${CRYPTPASS}" | cryptsetup luksFormat --label CRYPTSWAP "${swap_dev}" > "${void}"; then
if [[ "${rota}" == "0" ]]; then if [[ "${rota}" == "0" ]]; then
echo -n "${CRYPTPASS}" | cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent luksOpen "${swap_dev}" CryptSwap || err_abort echo -n "${CRYPTPASS}" | cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent luksOpen "${swap_dev}" swap || err_abort
else else
echo -n "${CRYPTPASS}" | cryptsetup luksOpen "${swap_dev}" CryptSwap || err_abort echo -n "${CRYPTPASS}" | cryptsetup luksOpen "${swap_dev}" swap || err_abort
fi fi
mkswap /dev/mapper/CryptSwap > "${void}" 2> "${log}" || err_abort mkswap /dev/mapper/swap > "${void}" 2> "${log}" || err_abort
sleep 0.2 sleep 0.2
NC " NC "
==> [${green}Encrypted /Swap OK${nc}] ==> [${green}Encrypted /Swap OK${nc}]
@@ -6028,17 +6022,17 @@ ${magenta}###${nc}-------------------------------------${magenta}[ ${bwhite}LUKS
fi fi
fi fi
#-------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------
if [[ "${homecrypt}" == "yes" ]]; then if [[ "${sep_home}" == "y" && "${hometype}" == "1" ]]; then
line2 line2
if echo -n "${CRYPTPASS}" | cryptsetup luksFormat --label CRYPTHOME "${home_dev}" > "${void}"; then if echo -n "${CRYPTPASS}" | cryptsetup luksFormat --label CRYPTHOME "${home_dev}" > "${void}"; then
if [[ "${rota}" == "0" ]]; then if [[ "${rota}" == "0" ]]; then
echo -n "${CRYPTPASS}" | cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent luksOpen "${home_dev}" CryptHome || err_abort echo -n "${CRYPTPASS}" | cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent luksOpen "${home_dev}" home || err_abort
else else
echo -n "${CRYPTPASS}" | cryptsetup luksOpen "${home_dev}" CryptHome || err_abort echo -n "${CRYPTPASS}" | cryptsetup luksOpen "${home_dev}" home || err_abort
fi fi
mkfs.ext4 -F -L CryptHome /dev/mapper/CryptHome > "${void}" 2> "${log}" || err_abort mkfs.ext4 -F -L Home /dev/mapper/home > "${void}" 2> "${log}" || err_abort
tune2fs -O fast_commit /dev/mapper/CryptHome > "${void}" 2> "${log}" || err_abort tune2fs -O fast_commit /dev/mapper/home > "${void}" 2> "${log}" || err_abort
mount --mkdir /dev/mapper/CryptHome /mnt/home > "${void}" 2> "${log}" || err_abort mount --mkdir /dev/mapper/home /mnt/home > "${void}" 2> "${log}" || err_abort
sleep 0.2 sleep 0.2
NC " NC "
==> [${green}Encrypted /Home OK${nc}] ==> [${green}Encrypted /Home OK${nc}]
@@ -6050,35 +6044,14 @@ ${magenta}###${nc}-------------------------------------${magenta}[ ${bwhite}LUKS
do_umount do_umount
return 1 return 1
fi fi
elif [[ "${homecrypt}" == "no" ]]; then elif [[ "${sep_home}" == "y" && "${hometype}" == "2" ]]; then
[[ "${hometype}" == "1" ]] && homeform="y" sleep 0.2
if [[ "${hometype}" == "2" ]]; then YELLOW "
homeform="n"
sleep 0.2
YELLOW "
> An existing /Home partition has been detected and will be utilized in this installation > An existing /Home partition has been detected and will be utilized in this installation
" "
keypress keypress
fi
fi
if [[ "${homeform}" == "y" ]]; then
if mkfs.ext4 -F -L Home "${home_dev}" > "${void}" 2> "${log}" ; then
tune2fs -O fast_commit "${home_dev}" > "${void}" 2> "${log}" || err_abort
mount --mkdir "${home_dev}" /mnt/home > "${void}" 2> "${log}" || err_abort
sleep 0.2
NC "
==> [${green}/Home OK${nc}]
"
else
line2
err_try
do_umount
return 1
fi
elif [[ "${homeform}" == "n" ]]; then
mount --mkdir "${home_dev}" /mnt/home > "${void}" 2> "${log}" || err_abort mount --mkdir "${home_dev}" /mnt/home > "${void}" 2> "${log}" || err_abort
sleep 0.2 sleep 0.2
NC " NC "
@@ -7197,10 +7170,9 @@ set_vars() {
if [[ "${encrypt}" == "yes" ]]; then if [[ "${encrypt}" == "yes" ]]; then
# Encrypted Root Device # Encrypted Root Device
encr_root_dev="/dev/mapper/CryptRoot" encr_root_dev="/dev/mapper/root"
# Encrypted Root Options # Encrypted Root Options
encr_root_opts="rd.luks.name=$(blkid -s UUID -o value "${root_dev}")=CryptRoot" encr_root_opts="rd.luks.name=$(blkid -s UUID -o value "${root_dev}")=root"
# ATTENTION LUKS ROOT KERNEL CMDLINE # ATTENTION LUKS ROOT KERNEL CMDLINE
encr_root_bootopts="${encr_root_opts} root=${encr_root_dev}" encr_root_bootopts="${encr_root_opts} root=${encr_root_dev}"
@@ -7211,10 +7183,10 @@ set_vars() {
# Encrypted Swap Partition # Encrypted Swap Partition
if [[ "${swapmode}" == "1" ]]; then if [[ "${swapmode}" == "1" ]]; then
# Encrypted Swap Partition Options # Encrypted Swap Partition Options
encr_swap_opts="rd.luks.name=$(blkid -s UUID -o value "${swap_dev}")=CryptSwap" encr_swap_opts="rd.luks.name=$(blkid -s UUID -o value "${swap_dev}")=swap"
# ATTENTION LUKS SWAP PARTITION KERNEL CMDLINE # ATTENTION LUKS SWAP PARTITION KERNEL CMDLINE
encr_swap_bootopts="resume=/dev/mapper/CryptSwap ${encr_swap_opts}" encr_swap_bootopts="resume=/dev/mapper/swap ${encr_swap_opts}"
# Encrypted Swapfile # Encrypted Swapfile
elif [[ "${swapmode}" == "2" ]]; then elif [[ "${swapmode}" == "2" ]]; then
@@ -7229,6 +7201,12 @@ set_vars() {
# ATTENTION LUKS SWAPFILE KERNEL CMDLINE # ATTENTION LUKS SWAPFILE KERNEL CMDLINE
encr_swap_bootopts="resume=${encr_root_dev} resume_offset=${offst}" encr_swap_bootopts="resume=${encr_root_dev} resume_offset=${offst}"
fi fi
#--------------------------------------------------------------------------------------------------
# LUKS HOME SETUP
if [[ "${sep_home}" == "y" && "${hometype}" == "1" ]]; then
encr_home_bootopts="rd.luks.name=$(blkid -s UUID -o value "${home_dev}")=home"
fi
#-------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------
# LUKS HOOKS SETUP # LUKS HOOKS SETUP
@@ -7254,6 +7232,9 @@ set_vars() {
# If LUKS Swap: # If LUKS Swap:
[[ -n "${encr_swap_bootopts}" ]] && boot_opts+=("${encr_swap_bootopts}") [[ -n "${encr_swap_bootopts}" ]] && boot_opts+=("${encr_swap_bootopts}")
# If LUKS Home:
[[ -n "${encr_home_bootopts}" ]] && boot_opts+=("${encr_home_bootopts}")
#-------------------------------------------------------------------------------------------------- #--------------------------------------------------------------------------------------------------
# NO ENCRYPTION # NO ENCRYPTION
@@ -7484,7 +7465,7 @@ CUSTOM_SRVC
log="Amelia.log" log="Amelia.log"
disks="$(lsblk --nodeps --paths --noheadings --output=name,size,model | cat --number)" disks="$(lsblk --nodeps --paths --noheadings --output=name,size,model | cat --number)"
trg="" trg=""
vars=(LOCALESET="" SETLOCALE="" lcl_slct="" USERNAME="" kernelnmbr="" fs="" gfxcount="" gfxcard="" intelcount="" intelcards="" nvidiacount="" nvidiacards="" amdcount="" amdcards="" vendor="" vendors="" desktop="" terminal="" efi_entr_del="" sanity="" install="" bootldr_pkgs="" devel="" REGDOM="" gfx_bootopts="" btrfs_bootopts="" trim="" swapmode="" homecrypt="" greeter="" greeternmbr="" cust_bootopts="" vmpkgs="" vm_services="" perf_stream="" displaymanager="" wireless_reg="" bitness="" bootloader="" gfx_slct="" espsize="" autoroot="" autoesp="" autoxboot="" autohome="" autoswap="" rootprt="" espprt="" xbootprt="" homeprt="" swapprt="" partok="" instl_drive="" sgdsk_nmbr="" part_mode="" preset="" capacity="" cap_gib="" rootsize="" sgdrive="" cgdrive="" smartpart="" presetpart="" prcnt="" roottype="" stage_prompt="" zram="" xbootloader="" multibooting="" hypervisor="" mkinitcpio_mods="" mkinitcpio_bins="" uki="" ukify="" cng_espmnt="" sep_home="" encr_swap_bootopts="" uefimode="" luks_encrypt="" nrg_plc="" multilib="" nvname="" nogsp="" luks_root="" luks_swap="" luks_home="" installation="" kill_watchdog="" oomd="" setrescue="" lowlat="" dev="" web="" web_pkg="" web_aur="" web_slct="" printer="" print_pkgs="" shellnmbr="" shell="" shellname="" shellname2="" shell_pkgs="" genoptm="" set_optm="" ask_param="" desk_setup="" irqbalance="" thermald="" rngd="" rtkit="" tlp="" CRYPTPASS="" CRYPTPASS2="" askoptm="" gptslct="" gptok="" gptabort="" nvdprop="" nowarning="" efiname="" path="" hometype="" homeform="" LuksParts="") vars=(LOCALESET="" SETLOCALE="" lcl_slct="" USERNAME="" kernelnmbr="" fs="" gfxcount="" gfxcard="" intelcount="" intelcards="" nvidiacount="" nvidiacards="" amdcount="" amdcards="" vendor="" vendors="" desktop="" terminal="" efi_entr_del="" sanity="" install="" bootldr_pkgs="" devel="" REGDOM="" gfx_bootopts="" btrfs_bootopts="" trim="" swapmode="" greeter="" greeternmbr="" cust_bootopts="" vmpkgs="" vm_services="" perf_stream="" displaymanager="" wireless_reg="" bitness="" bootloader="" gfx_slct="" espsize="" autoroot="" autoesp="" autoxboot="" autohome="" autoswap="" rootprt="" espprt="" xbootprt="" homeprt="" swapprt="" partok="" instl_drive="" sgdsk_nmbr="" part_mode="" preset="" capacity="" cap_gib="" rootsize="" sgdrive="" cgdrive="" smartpart="" presetpart="" prcnt="" roottype="" stage_prompt="" zram="" xbootloader="" multibooting="" hypervisor="" mkinitcpio_mods="" mkinitcpio_bins="" uki="" ukify="" cng_espmnt="" sep_home="" encr_swap_bootopts="" encr_home_bootopts="" uefimode="" luks_encrypt="" nrg_plc="" multilib="" nvname="" nogsp="" luks_root="" luks_swap="" luks_home="" installation="" kill_watchdog="" oomd="" setrescue="" lowlat="" dev="" web="" web_pkg="" web_aur="" web_slct="" printer="" print_pkgs="" shellnmbr="" shell="" shellname="" shellname2="" shell_pkgs="" genoptm="" set_optm="" ask_param="" desk_setup="" irqbalance="" thermald="" rngd="" rtkit="" tlp="" CRYPTPASS="" CRYPTPASS2="" askoptm="" gptslct="" gptok="" gptabort="" nvdprop="" nowarning="" efiname="" path="" hometype="" homeform="" LuksParts="")
export "${vars[@]}" export "${vars[@]}"
sleep 0.2 sleep 0.2
CYANBG "************************************************************************************************* " CYANBG "************************************************************************************************* "