| -rwxr-xr-x | bin/yoda | 201 |
1 files changed, 201 insertions, 0 deletions
diff --git a/bin/yoda b/bin/yoda
new file mode 100755
index 0000000..db1e2ad
--- /dev/null
+++ b/bin/yoda
@@ -0,0 +1,201 @@
+#!/bin/sh
+# Setup an archlinux system to a media
+
+version='yoda-0.1'
+
+help() {
+ echo 'usage: yoda [-CFV] [-H host] dev
+Install arch to a bootable dev. Media dev is entirely erased then
+provisionned with an EFI boot partition and a root partition.
+
+The following steps are performed:
+0: prepare device (erase/randomize). Long.
+1: partition a 256MB GPT boot and a root partition (the rest)
+2: encrypt root partition (dm-crypt + LUKS)
+3: format partitions
+4: mount partitions
+5: install phase 1 (pacstrap)
+6: install phase 2 (chroot actions)
+
+options:
+-C crypt root partition with dm-crypt+LUKS
+-F format root filesystem without journal (USB-Flash)
+-H host set hostnanme to host
+-S steps skips some steps (i.e. -S 02 to avoid crypt)
+-V print version
+'
+}
+
+die() { echo "$0: fatal: $@" >&2; exit 1; }
+
+# return 1 in any of arg is to be skipped, 0 otherwise
+skip() {
+ for i; do
+ case $toskip in (*$i*) return 0;; esac
+ done
+ return 1
+}
+
+# Step 0: Prepare by wiping all data and randomize (very long).
+step0() {
+ cryptsetup open --type plain -d /dev/urandom "$dev" to_be_wiped
+ dd if=/dev/zero of=/dev/mapper/to_be_wiped bs=1M status=progress || true
+ cryptsetup close to_be_wiped
+}
+
+# Step 1: Partitions: GPT boot EFI 256 MB, encrypted root: all the rest.
+step1() {
+ fdisk "$dev" << \EOT
+g
+n
+
+
++256M
+t
+1
+n
+
+
+
+p
+w
+EOT
+}
+
+# Step 2: Encrypt root partition.
+step2() {
+ rootpart="/dev/mapper/$par"
+ cryptsetup -y -v luksFormat ${dev}2
+ cryptsetup open ${dev}2 $par
+}
+
+# Step 3: Format partitions.
+step3() {
+ mkfs.fat -F32 "${dev}1"
+ yes | mkfs.ext4 "$rootpart"
+}
+
+# Step 4: Mount partitions.
+step4() {
+ mount "$rootpart" /mnt
+ mkdir /mnt/boot
+ mount ${dev}1 /mnt/boot
+ trap cleanup EXIT
+}
+
+# Step 5: install some packages.
+step5() {
+ #pacstrap /mnt base linux linux-firmware vi wireless_tools wpa_supplicant
+ pacstrap /mnt base mkinitcpio
+ genfstab -U /mnt > /mnt/etc/fstab
+}
+
+# Step 6: further configs
+step6() {
+ # Remove root password.
+ sed -i -r 's/^root:[^:]+:/root::/' /mnt/etc/shadow
+
+ # Configure initramfs
+ skip 2 &&
+ hooks="base udev autodetect modconf block filesystems keyboard fsck" ||
+ hooks="base systemd keyboard sd-vconsole modconf block autodetect sd-encrypt filesystems fsck"
+ cat > /mnt/etc/mkinitcpio.conf << EOT
+MODULES=()
+BINARIES=()
+FILES=()
+HOOKS=($hooks)
+EOT
+
+ cat > /mnt/etc/mkinitcpio.d/linux.preset << \EOT
+# mkinitcpio preset file for the 'linux' package
+
+ALL_config="/etc/mkinitcpio.conf"
+ALL_kver="/boot/vmlinuz-linux"
+
+PRESETS=('default')
+
+#default_config="/etc/mkinitcpio.conf"
+default_image="/boot/initramfs-linux.img"
+#default_options=""
+EOT
+
+ cat > /mnt/etc/hosts << \EOT
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 yoda.localdomain yoda
+EOT
+
+ cat > /mnt/etc/locale.gen << \EOT
+en_US.UTF-8 UTF-8
+fr_FR.UTF-8 UTF-8
+EOT
+
+ echo yoda > /mnt/etc/hostname
+ echo 'KEYMAP=fr-latin1' > /mnt/etc/vconsole.conf
+ echo 'LANG=en_US.UTF-8' > /mnt/etc/locale.conf
+ ln -sf /usr/share/zoneinfo/Europe/Paris /mnt/etc/localtime
+
+ arch-chroot /mnt << \EOT
+locale-gen
+pacman --noconfirm -S linux linux-firmware vi wireless_tools wpa_supplicant
+bootctl --path=/boot install
+EOT
+
+ cat > /mnt/boot/loader/loader.conf << \EOT
+default arch
+timeout 4
+console-mode max
+EOT
+
+ if skip 2; then
+ uid=$(blkid -p -s UUID -o value "${dev}2")
+ rdopt="root=/dev/disk/by-uuid/$uid"
+ else
+ uid=$(blkid -p -s UUID -o value "${dev}2")
+ rdopt="rd.luks.name=$uid=root root=/dev/mapper/root"
+ fi
+ cat > /mnt/boot/loader/entries/arch.conf << EOT
+title Yoda Arch Linux
+linux /vmlinuz-linux
+initrd /initramfs-linux.img
+options $rdopt net.ifnames=0 rw
+EOT
+}
+
+cleanup() {
+ echo "Flushing and unmounting $dev"
+ umount /mnt/boot /mnt
+ cryptsetup close "$par"
+ echo "$dev is ready"
+}
+
+# Main
+while getopts :CFH:S:V opt; do
+ case $opt in
+ (C) crypto=1 ;;
+ (F) flash=1 ;;
+ (H) hostname=$OPTARG ;;
+ (S) toskip="$toskip$OPTARG" ;;
+ (V) echo $version && exit ;;
+ (*) help; exit 1 ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+[ "$(id -u)" = 0 ] || die "not root"
+[ "$1" ] && dev=$1 || die 'no device'
+par=${dev##*/}root
+rootpart="${dev}2"
+
+echo -n "Device $dev will be completely erased. Continue ? Y/N "
+read -r resp && [ "$resp" = 'Y' ] || exit
+
+skip 0 || step0
+skip 1 || step1
+skip 2 || step2
+skip 3 || step3
+skip 4 || step4
+skip 5 || step5
+skip 6 || step6
+
+# vim: ts=2 sw=2 et |
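Review bot: Nothing stops the run when a step fails: there is no `set -e`, and the `skip N || stepN` lines at the bottom never check a step's status, so if `cryptsetup luksFormat` or `cryptsetup open` fails in step2 (for example a passphrase mismatch under `-y`), steps 3–6 still run. In that case the mounts in step4 would fail with nothing mounted on /mnt, and step5/step6 would then run `pacstrap` and write `/mnt/etc/shadow`, `/mnt/etc/hosts` and the loader files into the running system's /mnt rather than the target. Adding `set -e` right after the shebang, plus `[ -b "$dev" ] || die "$dev: not a block device"` before the confirmation prompt, would make the installer fail closed. Separately, step6 leaves root with an empty password on the installed system, and the `-C`, `-F` and `-H` options are parsed but never read (encryption always runs unless `-S 2`, the hostname is hard-coded to `yoda`); prompting with `arch-chroot /mnt passwd` and either wiring up or dropping those options would match what the help text promises.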
