From 68a128153c1d51177f85e548524fa3d9fa0089c3 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Mon, 31 May 2021 17:11:39 +0200
Subject: [PATCH] Read encryption key when starting installation if not given otherwise; Clarify readme
---
 README.md | 27 ++++++++++++++++-----------
 configure | 4 ++--
 install | 19 +++++++++++--------
 scripts/functions.sh | 35 +++++++++++++++++++++++++++++------
 scripts/utils.sh | 10 +++++-----
 5 files changed, 63 insertions(+), 32 deletions(-)
diff --git a/README.md b/README.md
index 54e188a..e580178 100644
--- a/README.md
+++ b/README.md
@@ -6,10 +6,13 @@ edited by hand if desired. An example configuration is provided with the reposit
 ## Quick start
-1. Download a copy or clone this repo
-1. Run `./configure` and save your configuration
-1. When using encryption, export your desired key with `export GENTOO_INSTALL_ENCRYPTION_KEY='mypassword'`
-1. Run installation using `./install`
+First, boot into a live environment of your choice. I recommend using an [Arch Linux](https://www.archlinux.org/download/) live iso,
+as the installer will then be able to automatically download required programs or setup zfs support on the fly. After that,
+proceed with the following steps:
+
+1. Either clone this repo or download and extract a copy
+1. Run `./configure` and save your desired configuration
+1. Begin installation using `./install`
 Every option is explained in detail in `gentoo.conf.example` and in the help menu popups in the configurator.
 When installing, you will be asked to review the partitioning before anything critical is done. 
@@ -22,21 +25,21 @@ and OpenRC as the init system.
 The system will use `sys-kernel/gentoo-kernel-bin`, which should be suitable to boot most systems out of the box.
 It is strongly recommend to replace this kernel
-with a custom built one, when the system is functional. If you are looking for a way
-to detect and manage your kernel configuration, have a look at [autokernel](https://github.com/oddlama/autokernel).
+with a custom built one, when the system is functional.
 1. Partition disks (supports gpt, raid, luks)
 1. Download and cryptographically verify the newest stage3 tarball
 1. Extract the stage3 tarball
 1. Sync portage tree
-1. Configure portage (create zz-autounmask files, configure MAKEOPTS, EMERGE_DEFAULT_OPTS)
-1. Select the fastest gentoo mirrors
-1. Configure the base system
+1. Configure portage (create zz-autounmask files, configure `make.conf`)
+1. Select the fastest gentoo mirrors if desired
+1. Configure the base system (timezone, keymap, locales, ...)
 1. Install git and other required tools (e.g. zfs if you have used zfs)
-1. Install `sys-kernel/gentoo-kernel-bin` (until you replace it)
+1. Install `sys-kernel/gentoo-kernel-bin` (until you can compile your own)
 1. Generate an initramfs with dracut
 1. Create efibootmgr entry or install syslinux depending on whether your system uses EFI or BIOS
-1. Generate a basic fstab
+1. Generate fstab
+1. (Optional components from below)
 1. Asks if a root password should be set
 Also, optionally the following will be done:
@@ -57,6 +60,8 @@ want to consider doing after the base system installation is finished:
 - Set `FEATURES="buildpkg"` if you want to build binary packages
 * Use a safe umask like `umask 0077`
+If you are looking for a way to detect and manage your kernel configuration, have a look at [autokernel](https://github.com/oddlama/autokernel).
+
 ## Usage
 Installing gentoo with this script is simple.
diff --git a/configure b/configure
index 2942c87..20d378d 100755
--- a/configure
+++ b/configure
@@ -832,7 +832,7 @@ function PARTITIONING_ROOT_FS_menu() {
 function PARTITIONING_USE_LUKS_tag() { echo " ├ Use LUKS"; }
 function PARTITIONING_USE_LUKS_label() { on_off_label "$PARTITIONING_USE_LUKS" " ├ "; }
 function PARTITIONING_USE_LUKS_show() { [[ $PARTITIONING_SCHEME != "custom" ]] && one_of "$PARTITIONING_SCHEME" "classic_single_disk" "btrfs_centric"; }
-function PARTITIONING_USE_LUKS_help() { echo "Determines if LUKS will be used to encrypt your root partition. Export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing."; }
+function PARTITIONING_USE_LUKS_help() { echo "Determines if LUKS will be used to encrypt your root partition. You can export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing if you don't want to be asked."; }
 function PARTITIONING_USE_LUKS_menu() {
 on_off_toggle "PARTITIONING_USE_LUKS"
 UNSAVED_CHANGES=true
@@ -841,7 +841,7 @@ function PARTITIONING_USE_LUKS_menu() {
 function PARTITIONING_ZFS_ENCRYPTION_tag() { echo " ├ ZFS Encryption"; }
 function PARTITIONING_ZFS_ENCRYPTION_label() { on_off_label "$PARTITIONING_ZFS_ENCRYPTION" " ├ "; }
 function PARTITIONING_ZFS_ENCRYPTION_show() { [[ $PARTITIONING_SCHEME != "custom" ]] && one_of "$PARTITIONING_SCHEME" "zfs_centric" && one_of "$PARTITIONING_ZFS_POOL_TYPE" "standard"; }
-function PARTITIONING_ZFS_ENCRYPTION_help() { echo "Determines if ZFS encryption will be used to encrypt your root partition. Export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing."; }
+function PARTITIONING_ZFS_ENCRYPTION_help() { echo "Determines if ZFS encryption will be used to encrypt your root partition. You can export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing if you don't want to be asked."; }
 function PARTITIONING_ZFS_ENCRYPTION_menu() {
 on_off_toggle "PARTITIONING_ZFS_ENCRYPTION"
 UNSAVED_CHANGES=true 
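Review bot: The reworded help text in the PARTITIONING_USE_LUKS_help hunk still presents `export GENTOO_INSTALL_ENCRYPTION_KEY='...'` as the normal route, which typically records the key in the shell history and hands it to every process the installer spawns, while the interactive prompt this commit introduces is mentioned only as an afterthought. Since the installer now asks for the key, the help could lead with that, e.g. `You will be asked for the encryption key when the installation starts; export GENTOO_INSTALL_ENCRYPTION_KEY='...' beforehand only if you need an unattended run.` The same wording applies to the PARTITIONING_ZFS_ENCRYPTION_help hunk below it.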
diff --git a/install b/install
index 82fb39d..b46e3ba 100755
--- a/install
+++ b/install
@@ -109,16 +109,19 @@ if [[ -z "$ACTION" ]]; then
 fi
 fi
-# Load config
-[[ -e "$CONFIG" ]] \
- || die "Configuration file '$CONFIG' does not exist. To run the configurator, omit '-i' or "
+# Load config if we aren't just chrooting
+if [[ -e "$CONFIG" ]]; then
+ [[ "$ACTION" == "chroot" ]] \
+ || die "Configuration file '$CONFIG' does not exist. To run the configurator, omit '-i' or "
-# shellcheck disable=SC1090
-source "$CONFIG" || die "Could not source config"
-[[ $I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY == "true" ]] \
- || die "You have not properly read the config. Edit the config file and set I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=true to continue."
+ # shellcheck disable=SC1090
+ source "$CONFIG" || die "Could not source config"
+ [[ $I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY == "true" ]] \
+ || die "You have not properly read the config. Edit the config file and set I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=true to continue."
+
+ preprocess_config
+fi
-preprocess_config
 [[ $EUID == 0 ]] \
 || die "Must be root"
diff --git a/scripts/functions.sh b/scripts/functions.sh
index 37add51..a809085 100644
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@@ -47,6 +47,9 @@ function check_config() {
 }
 function preprocess_config() {
+ # Check encryption key if used
+ [[ $USED_ENCRYPTION == "true" ]] \
+ && check_encryption_key
 disk_configuration
 check_config
 }
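Review bot: The new guard in the install hunk is inverted: `if [[ -e "$CONFIG" ]]; then` only enters the block when the config file exists, and the inner `[[ "$ACTION" == "chroot" ]] || die ...` then aborts every non-chroot run that has a config with a message claiming the file does not exist, while a genuinely missing config skips sourcing and `preprocess_config` without complaint. The shape that matches the comment is `if [[ "$ACTION" != "chroot" ]]; then` followed by `[[ -e "$CONFIG" ]] || die "Configuration file '$CONFIG' does not exist. ..."` inside the block. The die message is still cut off after `omit '-i' or ` (pre-existing, but this commit re-adds the line). The `if [[ -z "$ACTION" ]]` block named in the hunk header starts before the hunk.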
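Review bot: In the scripts/functions.sh hunk, `check_encryption_key` now runs before `disk_configuration`, and if `USED_ENCRYPTION` is only assigned by the layout helpers that disk_configuration calls (its assignment is not visible here), `[[ $USED_ENCRYPTION == "true" ]]` is still false at that point and the prompt never fires, which would be a regression from the old placement in prepare_installation_environment. If that is the case, the two added lines belong after `disk_configuration` (or after `check_config`). preprocess_config is fully visible in the hunk.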
@@ -79,17 +82,37 @@ function prepare_installation_environment() {
 # Check for existence of required programs
 check_has_programs "${needed_programs[@]}"
- # Check encryption key if used
- [[ $USED_ENCRYPTION == "true" ]] \
- && check_encryption_key
-
 # Sync time now to prevent issues later
 sync_time
 }
 function check_encryption_key() {
- [[ -n "${GENTOO_INSTALL_ENCRYPTION_KEY+set}" ]] \
- || die "You are using encryption but GENTOO_INSTALL_ENCRYPTION_KEY is unset or empty. Export it before running this script."
+ if [[ -n "${GENTOO_INSTALL_ENCRYPTION_KEY+set}" ]]; then
+ elog "You have enabled encryption, but haven't specified a key in the environment variable GENTOO_INSTALL_ENCRYPTION_KEY."
+ if ask "Do you want to enter an encryption key now?"; then
+ local encryption_key_1
+ local encryption_key_2
+
+ while true; do
+ flush_stdin
+ read -s -r -p "Enter encryption key: " encryption_key_1 \
+ || die "Error in read"
+
+ [[ ${#encryption_key_1} -ge 8 ]] \
+ || { ewarn "Your encryption key must be at least 8 characters long."; continue; }
+
+ flush_stdin
+ read -s -r -p "Repeat encryption key: " encryption_key_2 \
+ || die "Error in read"
+
+ [[ "$encryption_key_1" == "$encryption_key_2" ]] \
+ || { ewarn "Encryption keys mismatch."; continue; }
+ done
+ export GENTOO_INSTALL_ENCRYPTION_KEY="$encryption_key_1"
+ else
+ die "Please export GENTOO_INSTALL_ENCRYPTION_KEY with the desired key."
+ fi
+ fi
 [[ ${#GENTOO_INSTALL_ENCRYPTION_KEY} -ge 8 ]] \
 || die "Your encryption key must be at least 8 characters long."
diff --git a/scripts/utils.sh b/scripts/utils.sh
index b4a551d..561cba2 100644
--- a/scripts/utils.sh
+++ b/scripts/utils.sh
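Review bot: The condition at the top of check_encryption_key is inverted: `[[ -n "${GENTOO_INSTALL_ENCRYPTION_KEY+set}" ]]` is true when the variable is set, so the "haven't specified a key" prompt runs exactly when a key was exported and is skipped when it is missing, and a missing key only surfaces at the final length check with a misleading message; it should read `if [[ -z "${GENTOO_INSTALL_ENCRYPTION_KEY:+set}" ]]; then`, where `:+` also treats an empty export as missing. Independently, the `while true` loop has no exit path: once both reads succeed and match, control falls through to `done` and prompts again, so `break` belongs right after the `[[ "$encryption_key_1" == "$encryption_key_2" ]] || { ewarn "Encryption keys mismatch."; continue; }` line. `read -s` also swallows the newline, so a bare `echo` after each read keeps the second prompt and any ewarn off the same terminal line. The closing brace of check_encryption_key lies outside the hunk.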
@@ -332,8 +332,8 @@ function check_has_programs() {
 [[ "${#failed[@]}" -eq 0 ]] \
 && return
- echo "The following programs are required for the installer to work, but are currently missing on your system:" >&2
- echo " ${failed[*]}" >&2
+ elog "The following programs are required for the installer to work, but are currently missing on your system:" >&2
+ elog " ${failed[*]}" >&2
 if type pacman &>/dev/null; then
 declare -A pacman_packages
@@ -341,7 +341,7 @@ function check_has_programs() {
 [ntpd]=ntp
 [zfs]=""
 )
- echo "We have detected that pacman is available."
+ elog "We have detected that pacman is available."
 if ask "Do you want to install the missing programs automatically?"; then
 local packages
 local need_zfs=false
@@ -362,8 +362,8 @@ function check_has_programs() {
 pacman -Sy "${packages[@]}"
 if [[ "$need_zfs" == true ]]; then
- echo "On an Arch live-stick you need the archzfs repository and some tools and modifications to use zfs."
- echo "There is an automated installer available at https://eoli3n.github.io/archzfs/init."
+ elog "On an Arch live-stick you need the archzfs repository and some tools and modifications to use zfs."
+ elog "There is an automated installer available at https://eoli3n.github.io/archzfs/init."
 if ask "Do you want to automatically download and execute this zfs installation script?"; then
 curl -s "https://eoli3n.github.io/archzfs/init" | bash
 fi
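Review bot: The two `elog` calls in the @@ -332 hunk keep the `>&2` redirection inherited from the replaced `echo` lines, but the `elog` calls introduced in the @@ -341 and @@ -362 hunks do not; if elog already writes to stderr the redirection is redundant, and if it writes to stdout the first two messages now go to a different stream than the rest. Pick one convention for all five, most likely `elog "The following programs are required for the installer to work, but are currently missing on your system:"` and `elog " ${failed[*]}"` without the trailing `>&2`, matching the other calls. check_has_programs starts before the first hunk and continues after the last.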