kneesox/easy-arch
1
0
Fork 0
mirror of https://github.com/classy-giraffe/easy-arch.git synced 2025-11-17 19:40:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update easy-arch.sh

Browse source
This commit is contained in:
Tommaso Chiti 2021-04-16 15:59:42 +02:00 committed by GitHub
parent d55614671e
commit 89493b0854
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
easy-arch.sh
View file

@ -75,7 +75,7 @@ echo "Formatting the EFI Partition as FAT32."
mkfs.fat -F 32 $ESP &>/dev/null mkfs.fat -F 32 $ESP &>/dev/null
# Creating a LUKS Container for the root partition. # Creating a LUKS Container for the root partition.
echo "Creating LUKS Container for the root partition." echo "Creating LUKS Container for the root partition"
cryptsetup --type luks1 luksFormat $Cryptroot cryptsetup --type luks1 luksFormat $Cryptroot
echo "Opening the newly created LUKS Container." echo "Opening the newly created LUKS Container."
cryptsetup open $Cryptroot cryptroot cryptsetup open $Cryptroot cryptroot
@ -142,7 +142,7 @@ EOF
echo "Configuring /etc/mkinitcpio.conf for LUKS hook." echo "Configuring /etc/mkinitcpio.conf for LUKS hook."
sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block encrypt filesystems,g' /mnt/etc/mkinitcpio.conf sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block encrypt filesystems,g' /mnt/etc/mkinitcpio.conf
# Setting up LUKS Keyfile, BTRFS Booting and encryption in grub/initramfs. # Setting up LUKS Keyfile, BTRFS Booting and encryption in GRUB and initramfs.
UUID=$(blkid $Cryptroot | cut -f2 -d'"') UUID=$(blkid $Cryptroot | cut -f2 -d'"')
sed -i -e "s/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/" /mnt/etc/default/grub sed -i -e "s/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/" /mnt/etc/default/grub
echo -e "\n# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub echo -e "\n# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub
@ -150,9 +150,9 @@ dd bs=512 count=4 if=/dev/random of=/mnt/root/cryptroot.keyfile iflag=fullblock
chmod 000 /mnt/root/cryptroot.keyfile &>/dev/null chmod 000 /mnt/root/cryptroot.keyfile &>/dev/null
cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.keyfile cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.keyfile
sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" /mnt/etc/default/grub sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" /mnt/etc/default/grub
sed -i "s#FILES=()#FILES=(/root/cryptroot.keyfile)#g" /mnt/etc/mkinitcpio.conf sed -i "s,FILES=(),FILES=(/root/cryptroot.keyfile)" /mnt/etc/mkinitcpio.conf
#Security kernel settings # Security kernel settings.
echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf
echo "kernel.kexec_load_disabled = 1" > /mnt/etc/sysctl.d/51-kexec-restrict.conf echo "kernel.kexec_load_disabled = 1" > /mnt/etc/sysctl.d/51-kexec-restrict.conf
cat << EOF >> /mnt/etc/sysctl.d/10-security.conf cat << EOF >> /mnt/etc/sysctl.d/10-security.conf