#!/bin/bash -x
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
for x in /etc/*.pacorig; do
# This started breaking immediately when I stoped doing genfstab.
# which will be the crypt device name under /dev/mapper/
# https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
-first_boot_dev=${BOOT_DEVICE%% *}
-crypt_dev=${first_boot_dev}$rootn
-crypt_name=$(/root/devbyid $crypt_dev)
-crypt_name=crypt_dev_${crypt_name##*/}
+
+root_devs=( ${ROOT_PARTITIONS} )
+first_root_dev=${root_devs[0]}
k_args=(
- cryptdevice=$crypt_dev:$crypt_name:allow-discards
- root=/dev/mapper/$crypt_name
- resume=${crypt_dev%[0-9]}$swapn
+ cryptdevices=${ROOT_PARTITIONS// /,}
+ root=/dev/mapper/crypt_dev_${first_root_dev##*/}
+ resume=${first_root_dev%[0-9]}$swapn
)
-crypt_mapper_devs=(/dev/mapper/crypt_dev_*$rootn)
-crypt_count=${#crypt_mapper_devs[@]}
-if [[ crypt_count == 0 ]]; then
- echo "$0: error: expected crypt_mapper_devs length to be > 0"
- ls -la /dev/mapper
- exit 1
-fi
-keyfile_vars=()
-dup_keys=()
extra_encrypt_hooks=()
# If we have more than 1 to decrypt, arch wiki lead me onto
# a sort of hacky way run the encrypt hook multiple times.
-for ((i=1; i < $crypt_count; i++)); do
- extra_encrypt_hooks+=(encrypt$i)
- if (( i = 1 )); then dup_keys=(" "); fi # prefix with an empty space
- cp /crypto_keyfile.bin /crypto_keyfile$i.bin
- dup_keys+=(/crypto_keyfile$i.bin)
- base=/usr/lib/initcpio
- cp $base/hooks/encrypt{,$i}
- cp $base/install/encrypt{,$i}
- sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
- sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
- crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
- crypt_dev=/dev/${crypt_name#crypt_dev_}
- k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
- cryptkey$i=rootfs:/crypto_keyfile$i.bin)
-done
+
+base=/usr/lib/initcpio
+
# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
# used to have lvm2 after encrypt for lvm, but not using lvm anymore
-for x in encrypt ${extra_encrypt_hooks[@]} btrfs; do
+for x in encrypt btrfs; do
sed -ri -f - /etc/mkinitcpio.conf <<EOF
/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
EOF
# this is the default file, otherwise you use cryptkey=device:fstype:path
sed -ri -f - /etc/mkinitcpio.conf <<EOF
-s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
+s#^\s*FILES=.*#FILES="/crypto_keyfile.bin"#
EOF
echo "$0: FILES:"
grep FILES /etc/mkinitcpio.conf
grub-install --recheck $dev
done
grub-mkconfig -o /boot/grub/grub.cfg
-pacman -S --noconfirm openssh unison
+# gtk2 is an optional dependency of unison.
+# debian's unison binary has it linked in,
+# so i install it so I can use the same binary for syncing
+# the two distros.
+pacman -S --noconfirm openssh unison gtk2 rsync
echo "root:$ROOTPW" | chpasswd -e
rm -rf /home/ian/.ssh
cp -r /root/.ssh /home/ian
-chown ian:ian /home/ian/.ssh
+chown -R ian:ian /home/ian/.ssh
# the groups recommended by
# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
usermod -aG games,rfkill,users,uucp,wheel ian