From b6f024f50fc0b5708bcea0bd26f1bc5cee3e78fc Mon Sep 17 00:00:00 2001
From: Silvino Silva <silvino@bk.ru>
Date: Wed, 5 Jun 2019 14:32:37 +0000
Subject: initial system install on encrypted disk

---
 core/install.html | 101 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 65 insertions(+), 36 deletions(-)

(limited to 'core')

diff --git a/core/install.html b/core/install.html
index dfe218a..65b9148 100644
--- a/core/install.html
+++ b/core/install.html
@@ -43,13 +43,14 @@
         <h2 id="step2">1.1.2. Prepare target</h2>
 
         <p>Prepare disk or target location where new system will
-        be installed. Follow steps describe how to create efi and
-        separate partitions such as;
-        bios grub, EFI, boot, root, var, usr, swap and home.
+        be installed. Follow steps describe how to create efi system,
+        for bios_boot systems is only needed the boot partition in
+        the beginning of the disk and can use ext4 file system for example.
         For more information about gpt partitions table read
-        <a href="http://devil-detail.blogspot.com/2013/07/install-grub2-on-gpt-disk-dedicated-partition.html">devil-detail grub2 on gpt</a>.
-        Script <a href="scripts/setup-target.sh">setup-target.sh</a>
-        creates follow partitions;</p>
+        <a href="http://devil-detail.blogspot.com/2013/07/install-grub2-on-gpt-disk-dedicated-partition.html">devil-detail grub2 on gpt</a>. Script <a href="scripts/setup-target.sh">setup-target.sh</a> help to create partitions
+        scripts.</p>
+
+        </p>
 
         <p>Create gpt label and set unit size to use;</p>
 
@@ -93,14 +94,40 @@
 
         <h3>/</h3>
 
+        <p>There are different ways to achieve disk encryption,
+        the method described uses cryptosetup to create cryptodevice
+        with <a href="../tools/lvm.html">lvm</a> inside containing
+        root and other partitions such as;
+        var, usr, swap and home.
+
+        <pre>
+        (parted) mkpart primary 1132 100%
+        (parted) set 4 lvm on
+        </pre>
+
+        <p>Create encrypted block for lvm;</p>
+
+        <pre>
+        # modprobe dm-crypt
+        # cryptsetup luksFormat /dev/sda4
+        # cryptsetup luksOpen /dev/sda4 cryptlvm
+        </pre>
+
+        <p>Create physical group and volume group;</p>
+
+        <pre>
+        # pvcreate /dev/mapper/cryptlvm
+        vgcreate vg_system /dev/mapper/cryptlvm
+        </pre>
+
         <p>Core collection installation on root partition uses
         approximately 2G. Partition with 8G-20G is recommended
         for a server or desktop with dedicated ports partition
         or using only compiled packages. Partition size 20G;</p>
 
+
         <pre>
-        (parted) mkpart primary ext4 1132 21132
-        (parted) name 4 root
+        # lvcreate -L 20G -n lv_root vg_system
         </pre>
 
         <h3>/var</h3>
@@ -109,8 +136,7 @@
         system is configured. Partition size 2G;</p>
 
         <pre>
-        (parted) mkpart primary ext4 21132 23132
-        (parted) name 5 var
+        # lvcreate -L 2G -n lv_var vg_system
         </pre>
 
         <h3>Swap (ram)</h3>
@@ -119,27 +145,19 @@
         memory ram, ports system will be configured to build on ram.
         To build firefox is necessary at least 34G. Partition size 4G;</p>
 
-        <p>Is better to create swap partition later using
-        <a href="../tools/lvm.html">lvm</a>.</p>
-
         <pre>
-        (parted) mkpart primary linux-swap 23132 27132
-        (parted) name 6 swap
+        # lvcreate -L 4G -n lv_swap vg_system
         </pre>
 
 
         <h3>/home</h3>
 
-        <p>Home partition on desktop fill the rest of disk
-        space while on server this partition can be unnecessary.
+        <p>On desktop fill the rest of disk space while on server
+        this partition can be replaced with /srv.
         Fill the rest of disk space;</p>
 
-        <p>Is better to create home partition later using
-        <a href="../tools/lvm.html">lvm</a>.</p>
-
         <pre>
-        (parted) mkpart primary ext4 27132 100%
-        (parted) name 7 home
+        # lvcreate -L 120G -n lv_home vg_system
         </pre>
 
         <h3>Create filesystems</h3>
@@ -147,10 +165,10 @@
         <pre>
         $ sudo mkfs.fat -F 32 /dev/sda2
         $ sudo mkfs.ext4      /dev/sda3
-        $ sudo mkfs.ext4      /dev/sda4
-        $ sudo mkfs.ext4      /dev/sda5
-        $ sudo mkswap	      /dev/sda6
-        $ sudo mkfs.ext4      /dev/sda7
+        $ sudo mkfs.ext4      /dev/vg_system/lv_root
+        $ sudo mkfs.ext4      /dev/vg_system/lv_var
+        $ sudo mkswap	      /dev/vg_system/lv_swap
+        $ sudo mkfs.ext4      /dev/vg_system/lv_home
         </pre>
 
         <h2 id="step3">1.1.3. Prepare Install</h2>
@@ -161,19 +179,19 @@
         <a href="scripts/setup-core.sh">setup-core.sh</a>
         configure host metadata and setup ports;</p>
 
-	<p>Export target root partition;</p>
+        <p>Export target root partition;</p>
 
-	<pre>
-	$ export BLK_ROOT=/dev/sda
-	</pre>
+        <pre>
+        $ export BLK_ROOT=/dev/vg_system/lv_root
+        </pre>
 
-	<p>Export target root directory you want to install;</p>
+        <p>Export target root directory you want to install;</p>
 
         <pre>
         $ export CHROOT=/mnt
         </pre>
 
-	<p>If you are installing to a directory and not partitions you don't need to mount;</p>
+        <p>If you are installing to a directory and not partitions you don't need to mount;</p>
 
         <pre>
         $ sudo mount $BLK_ROOT $CHROOT
@@ -192,11 +210,11 @@
         $ sudo mkdir -p $CHROOT/tmp
         $ sudo mkdir -p $CHROOT/proc
         $ sudo mkdir -p $CHROOT/sys
-	</pre>
+        </pre>
 
-	<p>If partition layout is different or target is a directory is not necessary to mount, create only the directories;</p>
+        <p>If partition layout is different or target is a directory is not necessary to mount, create only the directories;</p>
 
-	<pre>
+        <pre>
         $ sudo mount $BLK_BOOT $CHROOT/boot
         $ sudo mkdir -p $CHROOT/boot/efi
         $ sudo mount $BLK_EFI $CHROOT/boot/efi
@@ -297,6 +315,17 @@
         pkgadd /usr/ports/packages/efivar#*
         pkgadd /usr/ports/packages/efibootmgr#*
         pkgadd /usr/ports/packages/dosfstools#*
+        pkgadd /usr/ports/packages/ported#*
+        pkgadd /usr/ports/packages/libgcrypt#*
+        pkgadd /usr/ports/packages/cryptsetup#*
+        pkgadd /usr/ports/packages/popt#*
+        pkgadd /usr/ports/packages/libgpg-error#*
+        pkgadd /usr/ports/packages/libevent#*
+        pkgadd /usr/ports/packages/libtirpc#*
+        pkgadd /usr/ports/packages/git#*
+        pkgadd /usr/ports/packages/tmux#*
+        pkgadd /usr/ports/packages/prt-utils#*
+        pkgadd /usr/ports/packages/elfutils#*
         </pre>
 
         <pre>
@@ -344,7 +373,7 @@
 
         <a href="index.html">Core OS Index</a>
         <p>This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
-- 
cgit 1.4.1-2-gfad0


From 175b83995519059948b5d2e9da4a76c7ab070bc3 Mon Sep 17 00:00:00 2001
From: Silvino Silva <silvino@bk.ru>
Date: Wed, 5 Jun 2019 23:03:43 +0000
Subject: fix core script setup-target.sh

---
 core/scripts/setup-target.sh | 55 ++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

(limited to 'core')

diff --git a/core/scripts/setup-target.sh b/core/scripts/setup-target.sh
index ecbe018..69b8640 100755
--- a/core/scripts/setup-target.sh
+++ b/core/scripts/setup-target.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 
-DEV=/dev
+DEV=/dev/sda
+VG=vg_system
 
 SETUP_TARGET="print"
 CHROOT="/mnt"
@@ -13,22 +14,21 @@ SCRIPTPATH=$(dirname "$SCRIPT")
 DIR=$(dirname "$SCRIPTPATH");
 DIR_LOCAL="$(dirname $(dirname ${DIR}))/local";
 
-ISO_FILE="${DIR_LOCAL}/crux-3.4.iso"
-
 ##read BLK_EFI
 BLK_EFI="${DEV}2"
 ##read BLK_BOOT
 BLK_BOOT="${DEV}3"
 ##read BLK_ROOT
-BLK_ROOT="${DEV}4"
+BLK_CRYPT="${DEV}4"
+BLK_ROOT="/dev/$VG/lv_root"
 ##read BLK_VAR
-BLK_VAR="${DEV}5"
+BLK_VAR="/dev/${VG}/lv_var"
 ##read BLK_USR
-BLK_USR="${DEV}6"
+#BLK_USR="${DEV}6"
 ##read BLK_SWP
-BLK_SWP="${DEV}7"
+BLK_SWP="/dev/${VG}/lv_swap"
 ##read BLK_HOME
-BLK_HOME="${DEV}8"
+BLK_HOME="/dev/${VG}/lv_home"
 
 
 # First we define the function
@@ -64,16 +64,21 @@ partition_target () {
         set 2 boot on \
         mkpart primary ext4 125 1128 \
         name 3 boot \
-        mkpart primary ext4 1128 5128 \
-        name 4 root \
-        mkpart primary ext4 5128 6128 \
-        name 5 var \
-        mkpart primary ext4 6128 14128 \
-        name 6 usr \
-        mkpart primary linux-swap 14128 18128 \
-        name 7 swap \
-        mkpart primary ext4 18128 100% \
-        name 8 home
+        mkpart primary 1128 100% \
+        set 4 lvm on
+
+    modprobe dm-crypt
+    cryptsetup luksFormat ${BLK_CRYPT}
+    cryptsetup luksOpen ${BLK_CRYPT} cryptlvm
+
+    pvcreate /dev/mapper/cryptlvm
+    vgcreate ${VG} /dev/mapper/cryptlvm
+
+    lvcreate -L 20G -n lv_root ${VG}
+    lvcreate -L 4G -n lv_var ${VG}
+    lvcreate -L 8G -n lv_swap ${VG}
+    lvcreate -L 120G -n lv_home ${VG}
+
 }
 
 mount_target () {
@@ -85,8 +90,8 @@ mount_target () {
     mkfs.ext4 $BLK_ROOT
     echo "1.1.2 Creating File System on $BLK_VAR with ext4:"
     mkfs.ext4 $BLK_VAR
-    echo "1.1.2 Creating File System on $BLK_USR with ext4:"
-    mkfs.ext4 $BLK_USR
+    #echo "1.1.2 Creating File System on $BLK_USR with ext4:"
+    #mkfs.ext4 $BLK_USR
     echo "1.1.2 Creating Swap File System on $BLK_SWP:"
     mkswap $BLK_SWP
     echo "1.1.2 Creating File System on $BLK_HOME with ext4:"
@@ -104,8 +109,8 @@ mount_target () {
     mkdir -p $CHROOT/var
     mount $BLK_VAR $CHROOT/var
 
-    mkdir -p $CHROOT/usr
-    mount $BLK_USR $CHROOT/usr
+    #mkdir -p $CHROOT/usr
+    #mount $BLK_USR $CHROOT/usr
 
     mkdir -p $CHROOT/home
     mount $BLK_HOME $CHROOT/home
@@ -152,16 +157,16 @@ enable_target () {
 print_target() {
     echo "Device: $DEV"
     echo "CHROOT: $CHROOT"
-    echo "ISO_FILE: $ISO_FILE"
-    echo "Option Selected: $SETUP_TARGET\n"
+    echo "Option Selected: $SETUP_TARGET"
 
     echo "1.1.2 EFI block; ($BLK_EFI)"
     echo "1.1.2 boot block; ($BLK_BOOT)"
+    echo "1.1.2 cryptlvm block; ($BLK_CRYPT)"
     echo "1.1.2 root block; ($BLK_ROOT)"
     echo "1.1.2 var block; ($BLK_VAR)"
     echo "1.1.2 usr block; ($BLK_USR)"
     echo "1.1.2 swap block; ($BLK_SWP)"
-    echo "1.1.2 home block; ($BLK_HOME)\n"
+    echo "1.1.2 home block; ($BLK_HOME)"
 
 
 }
-- 
cgit 1.4.1-2-gfad0