Skip to content

Commit

Permalink
crypt: resize partitions before encrypting them. minor bugfixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@sysrich
sysrich committed Jun 15, 2024
1 parent 12a0833 commit 9177d8b
Showing 1 changed file with 14 additions and 4 deletions.
18 changes: 14 additions & 4 deletions usr/lib/tik/modules/post/10-encrypt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,24 +27,34 @@ encrypt_disk() {
fi
prun /usr/bin/mkdir ${mig_dir}/mnt
prun /usr/bin/mount -o compress=zstd:1 ${probedpart} ${mig_dir}/mnt
prun /usr/bin/systemd-repart --pretty 0 --root ${mig_dir}/mnt --dry-run=0 ${probedpart}
prun /usr/bin/mount -o compress=zstd:1,subvol=/@/var ${probedpart} ${mig_dir}/mnt/var
prun /lib/systemd/systemd-growfs ${mig_dir}/mnt/var
prun /usr/bin/umount ${mig_dir}/mnt/var
prun /usr/sbin/btrfs filesystem resize -32m /mnt
prun /usr/bin/umount ${mig_dir}/mnt
prun /usr/sbin/cryptsetup reencrypt --force-password --encrypt --reduce-device-size 32m ${probedpart} cr_root <<<"$key"
echo '{"type":"systemd-recovery","keyslots":["0"]}' | prun /usr/sbin/cryptsetup token import "${probedpart}"
prun /usr/sbin/btrfs rescue fix-device-size /dev/mapper/cr_root
prun /usr/bin/mount -o compress=zstd:1 /dev/mapper/cr_root ${mig_dir}/mnt
prun /usr/bin/mount -o compress=zstd:1,subvol=/@/var ${probedpart} ${mig_dir}/mnt/var
prun /usr/bin/mount -o compress=zstd:1,subvol=/@/var /dev/mapper/cr_root ${mig_dir}/mnt/var
etcmountcmd=$(cat ${mig_dir}/mnt/etc/fstab | grep "overlay /etc" | sed 's/\/sysroot\//${mig_dir}\/mnt\//g' | sed 's/\/work-etc.*/\/work-etc ${mig_dir}\/mnt\/etc\//' | sed 's/overlay \/etc overlay/\/usr\/bin\/mount -t overlay overlay -o/')
eval prun "$etcmountcmd"
echo "cr_root ${probedpart} none x-initrd.attach" | prun tee ${mig_dir}/mnt/etc/crypttab
probe_partitions $TIK_INSTALL_DEVICE "vfat" "/EFI/systemd/shim.efi"
prun /usr/bin/mount ${probedpart} ${mig_dir}/mnt/boot/efi
prun /usr/bin/mount -o compress=zstd:1,subvol=/@/.snapshots /dev/mapper/cr_root ${mig_dir}/mnt/.snapshots
prun /usr/bin/mount -t tmpfs -o size=10m tmpfs "${mig_dir}/mnt/run"
prun /usr/bin/mount -t tmpfs -o size=10m tmpfs "${mig_dir}/mnt/tmp"
for i in proc dev sys; do
prun /usr/bin/mount --bind "/$i" "${mig_dir}/mnt/$i"
done
prun /usr/bin/chroot ${mig_dir}/mnt <<EOT
sdbootutil mkinitrd
EOT
prun /usr/bin/umount ${mig_dir}/mnt/boot/efi
prun /usr/bin/umount ${mig_dir}/mnt/etc
prun /usr/bin/umount ${mig_dir}/mnt/var
for i in proc dev sys run tmp boot/efi etc var .snapshots; do
prun /usr/bin/umount "${mig_dir}/mnt/$i"
done
prun /usr/bin/umount ${mig_dir}/mnt
prun /usr/bin/rmdir ${mig_dir}/mnt
}
Expand Down

0 comments on commit 9177d8b

Please sign in to comment.