From 99bad8c056a18c9f6421784e6ee71398c5ffe906 Mon Sep 17 00:00:00 2001 From: Samuel Cantero Date: Wed, 4 May 2016 13:18:43 -0400 Subject: [PATCH] Fix some env variables and add LUKS and ecryptfs support The hostname for install a new host with LUKS and ecryptfs support is called "sfreetop*". The new classes have been added: LUKS and ECRYPTFS. --- class/50-host-classes | 4 +++- class/FAIBASE.var | 10 +++++----- disk_config/LUKS | 13 +++++++++++++ package_config/DEFAULT | 5 ++--- package_config/ECRYPTFS | 2 ++ package_config/FAIBASE | 1 - scripts/ECRYPTFS/10-misc | 16 ++++++++++++++++ 7 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 disk_config/LUKS create mode 100644 package_config/ECRYPTFS create mode 100755 scripts/ECRYPTFS/10-misc diff --git a/class/50-host-classes b/class/50-host-classes index a5a5e01..ef4d746 100755 --- a/class/50-host-classes +++ b/class/50-host-classes @@ -56,7 +56,9 @@ case $HOSTNAME in freetop*) echo "FAIBASE $GRUB NW_MGR SYSADMIN XORG TRISQUEL WORKSTATION LAPTOP 3DPRINT" ;; - + sfreetop*) + echo "FAIBASE $GRUB NW_MGR SYSADMIN XORG TRISQUEL WORKSTATION LAPTOP 3DPRINT LUKS ECRYPTFS" + ;; libretop*) echo "FAIBASE $GRUB NW_MGR SYSADMIN XORG TRISQUEL WORKSTATION LAPTOP LPCONF" ;; diff --git a/class/FAIBASE.var b/class/FAIBASE.var index 6508335..32a1bd8 100644 --- a/class/FAIBASE.var +++ b/class/FAIBASE.var @@ -4,7 +4,7 @@ FAI_ALLOW_UNSIGNED=1 CONSOLEFONT= -KEYMAP=us-latin1 +KEYMAP=us # Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not. UTC=yes @@ -24,12 +24,12 @@ MODULESLIST="usbkbd ehci-hcd ohci-hcd uhci-hcd usbhid psmouse" STOP_ON_ERROR=700 # use the new partitioning tool -USE_SETUP_STORAGE=1 +#USE_SETUP_STORAGE=1 # These values need to be in both fai.conf and the config space: -FAI_CONFIG_SRC=https://vcs.fsf.org/git/fai-configs.git +#FAI_CONFIG_SRC=https://vcs.fsf.org/git/fai-configs.git -MNTPOINT=/srv/fai/mirror +#MNTPOINT=/srv/fai/mirror -FAI=/srv/fai/config +#FAI=/srv/fai/config diff --git a/disk_config/LUKS b/disk_config/LUKS new file mode 100644 index 0000000..e6a0400 --- /dev/null +++ b/disk_config/LUKS @@ -0,0 +1,13 @@ +disk_config disk1 + +primary /boot 500 ext4 rw +primary - 12G - - +primary /home 100-100% xfs rw + +disk_config cryptsetup +luks:"fsfluks" - disk1.2 - - + +disk_config lvm +vg fsf disk1.2 +fsf-root / 4096- ext4 rw,errors=remount-ro +fsf-swap swap 2G swap sw diff --git a/package_config/DEFAULT b/package_config/DEFAULT index c37840d..1f51e83 100644 --- a/package_config/DEFAULT +++ b/package_config/DEFAULT @@ -5,10 +5,9 @@ memtest86 PACKAGES aptitude CHROOT linux-image-generic - PACKAGES aptitude AMD64 -linux-image-generic initramfs-tools -memtest86 +linux-image-4.2.0-35-lowlatency initramfs-tools +#memtest86 PACKAGES aptitude XEN xen-linux-system-2.6.26-2-xen-amd64 diff --git a/package_config/ECRYPTFS b/package_config/ECRYPTFS new file mode 100644 index 0000000..f58e092 --- /dev/null +++ b/package_config/ECRYPTFS @@ -0,0 +1,2 @@ +PACKAGES aptitude ECRYPTFS +ecryptfs-utils diff --git a/package_config/FAIBASE b/package_config/FAIBASE index 6dee473..1550674 100644 --- a/package_config/FAIBASE +++ b/package_config/FAIBASE @@ -27,7 +27,6 @@ lvm2 git manpages man-db -rsyslog- syslog-ng autoconf automake diff --git a/scripts/ECRYPTFS/10-misc b/scripts/ECRYPTFS/10-misc new file mode 100755 index 0000000..f7a84ca --- /dev/null +++ b/scripts/ECRYPTFS/10-misc @@ -0,0 +1,16 @@ +#! /bin/bash + +# Set the hostname +if [ -n $HOSTNAME ]; then + echo $HOSTNAME > $target/etc/hostname +fi + +# Bug fix: ecryptfs needs /etc/mtab +$ROOTCMD touch /etc/mtab +# Create a local admin user +$ROOTCMD adduser --disabled-password --gecos "" --shell /bin/bash --encrypt-home fsf 2> /dev/null +$ROOTCMD echo -e "fsf\nfsf" | passwd fsf + +#$ROOTCMD adduser --disabled-password --gecos "" --shell /bin/bash fsf +#$ROOTCMD echo -e "fsf\nfsf" | passwd fsf +#$ROOTCMD sudo -u fsf -H bash -c "ecryptfs-setup-private -u fsf -l fsf -m ' '" -- 2.25.1