Read encryption key when starting installation if not given otherwise;

Clarify readme
This commit is contained in:
oddlama 2021-05-31 17:11:39 +02:00
parent 533ddc22f7
commit 68a128153c
No known key found for this signature in database
GPG Key ID: 14EFE510775FE39A
5 changed files with 63 additions and 32 deletions

View File

@ -6,10 +6,13 @@ edited by hand if desired. An example configuration is provided with the reposit
## Quick start ## Quick start
1. Download a copy or clone this repo First, boot into a live environment of your choice. I recommend using an [Arch Linux](https://www.archlinux.org/download/) live iso,
1. Run `./configure` and save your configuration as the installer will then be able to automatically download required programs or setup zfs support on the fly. After that,
1. When using encryption, export your desired key with `export GENTOO_INSTALL_ENCRYPTION_KEY='mypassword'` proceed with the following steps:
1. Run installation using `./install`
1. Either clone this repo or download and extract a copy
1. Run `./configure` and save your desired configuration
1. Begin installation using `./install`
Every option is explained in detail in `gentoo.conf.example` and in the help menu popups in the configurator. Every option is explained in detail in `gentoo.conf.example` and in the help menu popups in the configurator.
When installing, you will be asked to review the partitioning before anything critical is done. When installing, you will be asked to review the partitioning before anything critical is done.
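Review bot: the rewritten Quick start drops the only mention of GENTOO_INSTALL_ENCRYPTION_KEY (the removed step `When using encryption, export your desired key with export GENTOO_INSTALL_ENCRYPTION_KEY='mypassword'`), while the configure help text in this same commit still tells users to export it. Add a sentence after `Begin installation using ./install` saying that with LUKS or ZFS encryption enabled the installer prompts for the key unless it is exported, so the README matches the new behaviour. Minor wording: "setup zfs support on the fly" should read "set up zfs support on the fly".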
@ -22,21 +25,21 @@ and OpenRC as the init system.
The system will use `sys-kernel/gentoo-kernel-bin`, which should be suitable The system will use `sys-kernel/gentoo-kernel-bin`, which should be suitable
to boot most systems out of the box. It is strongly recommend to replace this kernel to boot most systems out of the box. It is strongly recommend to replace this kernel
with a custom built one, when the system is functional. If you are looking for a way with a custom built one, when the system is functional.
to detect and manage your kernel configuration, have a look at [autokernel](https://github.com/oddlama/autokernel).
1. Partition disks (supports gpt, raid, luks) 1. Partition disks (supports gpt, raid, luks)
1. Download and cryptographically verify the newest stage3 tarball 1. Download and cryptographically verify the newest stage3 tarball
1. Extract the stage3 tarball 1. Extract the stage3 tarball
1. Sync portage tree 1. Sync portage tree
1. Configure portage (create zz-autounmask files, configure MAKEOPTS, EMERGE_DEFAULT_OPTS) 1. Configure portage (create zz-autounmask files, configure `make.conf`)
1. Select the fastest gentoo mirrors 1. Select the fastest gentoo mirrors if desired
1. Configure the base system 1. Configure the base system (timezone, keymap, locales, ...)
1. Install git and other required tools (e.g. zfs if you have used zfs) 1. Install git and other required tools (e.g. zfs if you have used zfs)
1. Install `sys-kernel/gentoo-kernel-bin` (until you replace it) 1. Install `sys-kernel/gentoo-kernel-bin` (until you can compile your own)
1. Generate an initramfs with dracut 1. Generate an initramfs with dracut
1. Create efibootmgr entry or install syslinux depending on whether your system uses EFI or BIOS 1. Create efibootmgr entry or install syslinux depending on whether your system uses EFI or BIOS
1. Generate a basic fstab 1. Generate fstab
1. (Optional components from below)
1. Asks if a root password should be set 1. Asks if a root password should be set
Also, optionally the following will be done: Also, optionally the following will be done:
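Review bot: "It is strongly recommend to replace this kernel" in this hunk's context should be "strongly recommended"; since the surrounding lines are being reworded anyway, fix it here. The inserted step `1. (Optional components from below)` sits directly before `1. Asks if a root password should be set`, which is the only step not in the imperative used by the rest of the list ("Generate fstab", "Install git ..."); "Ask if a root password should be set" would keep the list consistent.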
@ -57,6 +60,8 @@ want to consider doing after the base system installation is finished:
- Set `FEATURES="buildpkg"` if you want to build binary packages - Set `FEATURES="buildpkg"` if you want to build binary packages
* Use a safe umask like `umask 0077` * Use a safe umask like `umask 0077`
If you are looking for a way to detect and manage your kernel configuration, have a look at [autokernel](https://github.com/oddlama/autokernel).
## Usage ## Usage
Installing gentoo with this script is simple. Installing gentoo with this script is simple.

4
configure vendored
View File

@ -832,7 +832,7 @@ function PARTITIONING_ROOT_FS_menu() {
function PARTITIONING_USE_LUKS_tag() { echo " ├ Use LUKS"; } function PARTITIONING_USE_LUKS_tag() { echo " ├ Use LUKS"; }
function PARTITIONING_USE_LUKS_label() { on_off_label "$PARTITIONING_USE_LUKS" " ├ "; } function PARTITIONING_USE_LUKS_label() { on_off_label "$PARTITIONING_USE_LUKS" " ├ "; }
function PARTITIONING_USE_LUKS_show() { [[ $PARTITIONING_SCHEME != "custom" ]] && one_of "$PARTITIONING_SCHEME" "classic_single_disk" "btrfs_centric"; } function PARTITIONING_USE_LUKS_show() { [[ $PARTITIONING_SCHEME != "custom" ]] && one_of "$PARTITIONING_SCHEME" "classic_single_disk" "btrfs_centric"; }
function PARTITIONING_USE_LUKS_help() { echo "Determines if LUKS will be used to encrypt your root partition. Export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing."; } function PARTITIONING_USE_LUKS_help() { echo "Determines if LUKS will be used to encrypt your root partition. You can export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing if you don't want to be asked."; }
function PARTITIONING_USE_LUKS_menu() { function PARTITIONING_USE_LUKS_menu() {
on_off_toggle "PARTITIONING_USE_LUKS" on_off_toggle "PARTITIONING_USE_LUKS"
UNSAVED_CHANGES=true UNSAVED_CHANGES=true
@ -841,7 +841,7 @@ function PARTITIONING_USE_LUKS_menu() {
function PARTITIONING_ZFS_ENCRYPTION_tag() { echo " ├ ZFS Encryption"; } function PARTITIONING_ZFS_ENCRYPTION_tag() { echo " ├ ZFS Encryption"; }
function PARTITIONING_ZFS_ENCRYPTION_label() { on_off_label "$PARTITIONING_ZFS_ENCRYPTION" " ├ "; } function PARTITIONING_ZFS_ENCRYPTION_label() { on_off_label "$PARTITIONING_ZFS_ENCRYPTION" " ├ "; }
function PARTITIONING_ZFS_ENCRYPTION_show() { [[ $PARTITIONING_SCHEME != "custom" ]] && one_of "$PARTITIONING_SCHEME" "zfs_centric" && one_of "$PARTITIONING_ZFS_POOL_TYPE" "standard"; } function PARTITIONING_ZFS_ENCRYPTION_show() { [[ $PARTITIONING_SCHEME != "custom" ]] && one_of "$PARTITIONING_SCHEME" "zfs_centric" && one_of "$PARTITIONING_ZFS_POOL_TYPE" "standard"; }
function PARTITIONING_ZFS_ENCRYPTION_help() { echo "Determines if ZFS encryption will be used to encrypt your root partition. Export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing."; } function PARTITIONING_ZFS_ENCRYPTION_help() { echo "Determines if ZFS encryption will be used to encrypt your root partition. You can export the desired encryption key via export GENTOO_INSTALL_ENCRYPTION_KEY='...' before installing if you don't want to be asked."; }
function PARTITIONING_ZFS_ENCRYPTION_menu() { function PARTITIONING_ZFS_ENCRYPTION_menu() {
on_off_toggle "PARTITIONING_ZFS_ENCRYPTION" on_off_toggle "PARTITIONING_ZFS_ENCRYPTION"
UNSAVED_CHANGES=true UNSAVED_CHANGES=true

15
install
View File

@ -109,16 +109,19 @@ if [[ -z "$ACTION" ]]; then
fi fi
fi fi
# Load config # Load config if we aren't just chrooting
[[ -e "$CONFIG" ]] \ if [[ -e "$CONFIG" ]]; then
[[ "$ACTION" == "chroot" ]] \
|| die "Configuration file '$CONFIG' does not exist. To run the configurator, omit '-i' or " || die "Configuration file '$CONFIG' does not exist. To run the configurator, omit '-i' or "
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "$CONFIG" || die "Could not source config" source "$CONFIG" || die "Could not source config"
[[ $I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY == "true" ]] \ [[ $I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY == "true" ]] \
|| die "You have not properly read the config. Edit the config file and set I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=true to continue." || die "You have not properly read the config. Edit the config file and set I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=true to continue."
preprocess_config preprocess_config
fi
[[ $EUID == 0 ]] \ [[ $EUID == 0 ]] \
|| die "Must be root" || die "Must be root"
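Review bot: the guard as shown is inverted. `if [[ -e "$CONFIG" ]]; then` followed by `[[ "$ACTION" == "chroot" ]] || die "Configuration file '$CONFIG' does not exist. ..."` dies on every normal (non-chroot) run that does have a config file, and silently skips sourcing the config when the file is missing, so `preprocess_config` and the I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY check never run in the failure case. The comment "Load config if we aren't just chrooting" describes `if [[ "$ACTION" != "chroot" ]]; then` with the original `[[ -e "$CONFIG" ]] || die ...` kept inside it. Unrelated but visible here: the die message still ends mid-sentence ("omit '-i' or ").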

View File

@ -47,6 +47,9 @@ function check_config() {
} }
function preprocess_config() { function preprocess_config() {
# Check encryption key if used
[[ $USED_ENCRYPTION == "true" ]] \
&& check_encryption_key
disk_configuration disk_configuration
check_config check_config
} }
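Review bot: `check_encryption_key` is now called at the top of `preprocess_config`, before `disk_configuration` and `check_config` run; confirm that `USED_ENCRYPTION` is already set at that point. If it is derived from the partitioning scheme inside `disk_configuration` (the only place in this function that inspects the disk layout), the `[[ $USED_ENCRYPTION == "true" ]]` test is always false here and the key is neither checked nor requested. Moving the two lines below `disk_configuration` would make the ordering safe either way.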
@ -79,17 +82,37 @@ function prepare_installation_environment() {
# Check for existence of required programs # Check for existence of required programs
check_has_programs "${needed_programs[@]}" check_has_programs "${needed_programs[@]}"
# Check encryption key if used
[[ $USED_ENCRYPTION == "true" ]] \
&& check_encryption_key
# Sync time now to prevent issues later # Sync time now to prevent issues later
sync_time sync_time
} }
function check_encryption_key() { function check_encryption_key() {
[[ -n "${GENTOO_INSTALL_ENCRYPTION_KEY+set}" ]] \ if [[ -n "${GENTOO_INSTALL_ENCRYPTION_KEY+set}" ]]; then
|| die "You are using encryption but GENTOO_INSTALL_ENCRYPTION_KEY is unset or empty. Export it before running this script." elog "You have enabled encryption, but haven't specified a key in the environment variable GENTOO_INSTALL_ENCRYPTION_KEY."
if ask "Do you want to enter an encryption key now?"; then
local encryption_key_1
local encryption_key_2
while true; do
flush_stdin
read -s -r -p "Enter encryption key: " encryption_key_1 \
|| die "Error in read"
[[ ${#encryption_key_1} -ge 8 ]] \
|| { ewarn "Your encryption key must be at least 8 characters long."; continue; }
flush_stdin
read -s -r -p "Repeat encryption key: " encryption_key_2 \
|| die "Error in read"
[[ "$encryption_key_1" == "$encryption_key_2" ]] \
|| { ewarn "Encryption keys mismatch."; continue; }
done
export GENTOO_INSTALL_ENCRYPTION_KEY="$encryption_key_1"
else
die "Please export GENTOO_INSTALL_ENCRYPTION_KEY with the desired key."
fi
fi
[[ ${#GENTOO_INSTALL_ENCRYPTION_KEY} -ge 8 ]] \ [[ ${#GENTOO_INSTALL_ENCRYPTION_KEY} -ge 8 ]] \
|| die "Your encryption key must be at least 8 characters long." || die "Your encryption key must be at least 8 characters long."
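Review bot: the `while true; do ... done` loop never terminates: after `[[ "$encryption_key_1" == "$encryption_key_2" ]]` succeeds there is no `break` before `done`, so the user is prompted again forever and `export GENTOO_INSTALL_ENCRYPTION_KEY="$encryption_key_1"` is unreachable. The outer condition is also inverted: `[[ -n "${GENTOO_INSTALL_ENCRYPTION_KEY+set}" ]]` is true when the variable IS set (the old code used it as the success case of `|| die`), so the prompt appears only when a key was already exported, while an unset key falls through to the final length check and dies with the misleading "at least 8 characters long" message; use `-z` here. Minor: `read -s` leaves the cursor on the prompt line, so an `echo` after each read keeps the following ewarn output on its own line.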

View File

@ -332,8 +332,8 @@ function check_has_programs() {
[[ "${#failed[@]}" -eq 0 ]] \ [[ "${#failed[@]}" -eq 0 ]] \
&& return && return
echo "The following programs are required for the installer to work, but are currently missing on your system:" >&2 elog "The following programs are required for the installer to work, but are currently missing on your system:" >&2
echo " ${failed[*]}" >&2 elog " ${failed[*]}" >&2
if type pacman &>/dev/null; then if type pacman &>/dev/null; then
declare -A pacman_packages declare -A pacman_packages
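Review bot: the two `elog ... >&2` lines keep the stderr redirect from the old `echo ... >&2`, but the other `echo` to `elog` replacements in this same function ("We have detected that pacman is available.", the archzfs messages) drop it. Either `elog` already writes to stderr, in which case the `>&2` here is redundant and should go, or it writes to stdout and the later messages now end up in the wrong stream; make the calls consistent.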
@ -341,7 +341,7 @@ function check_has_programs() {
[ntpd]=ntp [ntpd]=ntp
[zfs]="" [zfs]=""
) )
echo "We have detected that pacman is available." elog "We have detected that pacman is available."
if ask "Do you want to install the missing programs automatically?"; then if ask "Do you want to install the missing programs automatically?"; then
local packages local packages
local need_zfs=false local need_zfs=false
@ -362,8 +362,8 @@ function check_has_programs() {
pacman -Sy "${packages[@]}" pacman -Sy "${packages[@]}"
if [[ "$need_zfs" == true ]]; then if [[ "$need_zfs" == true ]]; then
echo "On an Arch live-stick you need the archzfs repository and some tools and modifications to use zfs." elog "On an Arch live-stick you need the archzfs repository and some tools and modifications to use zfs."
echo "There is an automated installer available at https://eoli3n.github.io/archzfs/init." elog "There is an automated installer available at https://eoli3n.github.io/archzfs/init."
if ask "Do you want to automatically download and execute this zfs installation script?"; then if ask "Do you want to automatically download and execute this zfs installation script?"; then
curl -s "https://eoli3n.github.io/archzfs/init" | bash curl -s "https://eoli3n.github.io/archzfs/init" | bash
fi fi
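Review bot: `curl -s "https://eoli3n.github.io/archzfs/init" | bash`, the unchanged context directly under the reworded elog lines, executes a remote script as root with no integrity check, and `-s` without `-f` means an HTTP error body or a truncated download is piped into bash silently. At minimum use `curl -fsSL` and download to a temporary file that is shown to the user (or checked against a known checksum) before it is run; the `ask` prompt already exists, so the user can be shown what they are about to execute.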