~alpine/devel

alpine-conf: Support encrypted root in setup-disk v1 PROPOSED

Drew DeVault: 1
 Support encrypted root in setup-disk

 1 files changed, 40 insertions(+), 1 deletions(-)
Richard Mortier <mort@cantab.net>
Trying to take a look but doesn't seem to apply cleanly to master for
me -- I may be driving git wrong though.
Not familiar with dm-crypt but looking through the patch, it seems plausible.
Possibly need to add "e" to the parameter list to getopts?
On Mon, 23 Sep 2019 at 21:25, Drew DeVault <sir@cmpwn.com> wrote:
Next
Actually, it seems to apply cleanly to me. Try this command:

curl -s https://lists.alpinelinux.org/~alpine/devel/%3C20190424160230.26544-1-sir%40cmpwn.com%3E/raw | git am -3

Richard Mortier <mort@cantab.net>
Huh, notwithstanding git appearing to give me errors, at least one of
the combinations of apply/am/mailinfo that I tried seemed to have in
fact worked. Sigh. One day I'll learn how to use git properly... :)

One other query - I don't understand the #TODO message...?
Don't have a machine handy to try it on but like I said, seems ok to
me, and if you've been using it for a while then SGTM.

Thanks!

On Wed, 25 Sep 2019 at 14:58, Drew DeVault <sir@cmpwn.com> wrote:
Next
Richard Mortier <mort@cantab.net>
Ah ok; FWIW I didn't interpret it like that.

I think the only other query I'd have is whether that interactive
block can be entered even if the user has specified -e -- if so, seems
odd to ask when they've already told you.

On Wed, 25 Sep 2019 at 15:13, Drew DeVault <sir@cmpwn.com> wrote:
Next
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.alpinelinux.org/~alpine/devel/patches/769/mbox | git am -3
Learn more about email & git

[alpine-devel] [PATCH alpine-conf] Support encrypted root in setup-disk Export this patch

---
 setup-disk.in | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/setup-disk.in b/setup-disk.in
index 5eb8638..1f66230 100644
--- a/setup-disk.in
+++ b/setup-disk.in
@@ -402,6 +402,9 @@ install_mounted_root() {
		esac
	done

	if [ "$USE_CRYPT" ]; then
		initfs_features="${initfs_features% cryptsetup} cryptsetup"
	fi

	if [ -n "$VERBOSE" ]; then
		echo "Root device:     $rootdev"
@@ -442,6 +445,11 @@ install_mounted_root() {
	if [ -n "$(get_bootopt nomodeset)" ]; then
		kernel_opts="nomodeset $kernel_opts"
	fi
	if [ "$USE_CRYPT" ]; then
		root=$(cryptsetup status "$rootdev" | grep "device:" | awk '{ print $2 }')
		kernel_opts="cryptroot=$root cryptdm=root"
		root=/dev/mapper/root
	fi
	modules="sd-mod,usb-storage,${root_fs}${raidmod}"

	# generate the fstab
@@ -503,6 +511,10 @@ unmount_partitions() {

	# unmount the partitions
	umount $(awk '{print $2}' /proc/mounts | egrep "^$mnt(/|\$)" | sort -r)

	if [ "$USE_CRYPT" ]; then
		cryptsetup close /dev/mapper/root
	fi
}

# figure out decent default swap size in mega bytes
@@ -994,6 +1006,18 @@ native_disk_install_lvm() {
	setup_root $root_dev $BOOT_DEV
}

setup_crypt() {
	mkdir -p /run/cryptsetup
	echo "Preparing root partition for encryption." >&2
	echo "You will be prompted for your password at boot." >&2
	echo "If you forget your password, your data will be lost." >&2
	cryptsetup luksFormat --type luks2 "$1" >&2
	echo "Enter password again to unlock disk for installation." >&2
	cryptsetup open "$1" root >&2
	cryptroot="$1"
	echo "/dev/mapper/root"
}

native_disk_install() {
	local prep_part_type=$(partition_id prep)
	local root_part_type=$(partition_id linux)
@@ -1065,6 +1089,10 @@ native_disk_install() {
		root_dev=$(find_nth_non_boot_parts $index "$root_part_type" $@)
	fi

	if [ "$USE_CRYPT" ]; then
		root_dev=$(setup_crypt $root_dev)
	fi

	[ $SWAP_SIZE -gt 0 ] && setup_swap_dev $swap_dev
	setup_root $root_dev $BOOT_DEV $@
}
@@ -1143,7 +1171,7 @@ ask_disk() {

usage() {
	cat <<-__EOF__
		usage: setup-disk [-hLqrv] [-k kernelflavor] [-m MODE] [-o apkovl] [-s SWAPSIZE]
		usage: setup-disk [-hLqrve] [-k kernelflavor] [-m MODE] [-o apkovl] [-s SWAPSIZE]
		                  [MOUNTPOINT | DISKDEV...]

		Install alpine on harddisk.
@@ -1157,6 +1185,7 @@ usage() {

		options:
		 -h  Show this help
		 -e  Encrypt disk
		 -m  Use disk for MODE without asking, where MODE is either 'data' or 'sys'
		 -o  Restore system from given apkovl file
		 -k  Use kernelflavor instead of $KERNEL_FLAVOR
@@ -1198,6 +1227,7 @@ USE_LVM=
# Parse args
while getopts "hk:Lm:o:qrs:v" opt; do
	case $opt in
		e) USE_CRYPT=1;;
		m) DISK_MODE="$OPTARG";;
		k) KERNEL_FLAVOR="$OPTARG";;
		L) USE_LVM="_lvm";;
@@ -1290,6 +1320,15 @@ if [ -n "$diskdevs" ] && [ -z "$DISK_MODE" ]; then
		esac
	done
	DISK_MODE="$answer"
	# TODO: support encryption for more installation types
	if [ "$DISK_MODE" = "sys" ] && [ -z "$USE_LVM" ]; then
		echon "Would you like to encrypt $it_them? [y/N] "
		default_read answer '?'
		if yesno "$answer"
		then
			USE_CRYPT=1
		fi
	fi
fi

if [ -z "$SWAP_SIZE" ]; then
-- 
2.21.0



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Bump. Cc'ing recent committers to this repo.